Slashdot Mirror


Cox Comm. Injects Code Into Web Traffic To Announce Email Outage

An anonymous reader writes "Cox Communications appears to be injecting JavaScript and HTML into subscribers' traffic, as part of their effort to announce an email service outage. Pictures showing the popup."

5 of 271 comments (clear)

  1. Nice single point of attack by Anonymous Coward · · Score: 5, Interesting

    Just compromise Cox's servers, and deliver your payload. Very blackhat friendly.

    1. Re:Nice single point of attack by jomama717 · · Score: 4, Interesting

      It's simpler than that, once ISP popups become a regularity blackhats have an incredibly simple popup to copy that people will assume is their ISP, so all must be well. "Click here, and enter your account ID to find out if you are affected"...

      In fact, is everyone absolutely certain this is actually Cox and not some malware outbreak masquerading as the ISP?

      --
      while [ 1 ]; do echo -n -e "\xe2\x95\xb$((($RANDOM&1)+1))"; done
  2. Re:Is this News? by GoodNewsJimDotCom · · Score: 4, Interesting

    Too bad you can't vote with your money when there is a monopoly/oligopoly. I remember Comcast suing the government for competing in certain areas. Why isn't UPS and Fedex suing the Post Office?

    Alternative title: Cox acting like a bunch of dicks.

  3. My ISP does this for far worse reasons. by damnbunni · · Score: 5, Interesting

    I use Millenicom, who resells Sprint, and in my area Sprint started injecting JavaScript into every page that comes over HTTP to recompress all the jpegs to a much lower quality setting.

    That, at least, I could block. Now they just recompress all jpegs that come over http to a horrible level. If I want to keep the internet from looking like ass, I have to use a secure tunnel. Which is obnoxiously slow on 3G.

    (Unfortunately, there's nothing Millenicom can do about it. It's up to Sprint. And there's no opt-out.)

  4. Re:Is this News? by theskipper · · Score: 4, Interesting

    Or instead there ought to be a simple way to just opt in. Or they could produce a FF/IE addon. Or put a big notice on their homepage with this info. Or automated social media notifications. Etc.

    Messing with DNS to redirect bad domains to ad parking pages is still around but no one cares anymore. However, this is right in the user's face which feels different, like it's an offensive volley, like one ISP is finally ready for war. The first battle in ISPs training users to accept a tainted connection.

    In all honesty, I think they picked the perfect application to start the ball rolling. Few average Joe customers would argue against email outage notifications because it seems like it's an important function that the ISP should provide. More importantly users are used to dynamic pages now, it "feels" like a Facebook or Twitter thing. So in their mind it's probably ok, or at least something that would be hard to argue against from a layman's perspective.

    So it's a good starting point to start boiling the frog. I'll bet that their internal calculations show no more than one year to completely boil the poor beast (i.e. ad insertions). That's the holy grail.