Cox Comm. Injects Code Into Web Traffic To Announce Email Outage

An anonymous reader writes "Cox Communications appears to be injecting JavaScript and HTML into subscribers' traffic, as part of their effort to announce an email service outage. Pictures showing the popup."

Is this News?

[omega6]

Providers have been doing similiar things for a while...If you want security, use https.

Re:Is this News?

[Pedrito]

No, not like this. At least I've never seen it before. This is intrusive. I've had it show up in my browser at least 3 times in the past couple of hours and it's about a service I don't even use. I don't care if their e-mail is out. I don't use their e-mail. I don't want this stuff and there ought to be a simple way to opt out.

Re:Is this News?

[sabri]

No, not like this. At least I've never seen it before. This is intrusive. I've had it show up in my browser at least 3 times in the past couple of hours and it's about a service I don't even use. I don't care if their e-mail is out. I don't use their e-mail. I don't want this stuff and there ought to be a simple way to opt out.

There is, it is called: Vote With Your Money...

Re:Is this News?

[mwvdlee]

there ought to be a simple way to opt in.

FTFY

Re:Is this News?

[Pedrito]

Actually, that's exactly what I'm going to do now. I was already pissed because my connection has been going down a lot lately. Then they pull this crap. Bye Cox!

Re:Is this News?

[GoodNewsJimDotCom]

Too bad you can't vote with your money when there is a monopoly/oligopoly. I remember Comcast suing the government for competing in certain areas. Why isn't UPS and Fedex suing the Post Office?

Alternative title: Cox acting like a bunch of dicks.

Re:Is this News?

[guttentag]

It's the modern equivalent of the phone company playing a recorded message while you are talking to someone on the phone. Or the post office opening your mail and gluing a message to the contents, ransom-note-style, about your mail carrier being out sick. It wouldn't happen. But cox wants to condition people to think of the web like cable TV, where thy can cover part of the picture with service announcements. The FCC needs to weigh in on this and stop it.

Re:Is this News?

I just love Cox. That's my favorite part of the internet. I'm on Cox for several hours a day, every day. You might say I'm a Cox addict. If Cox wants to deliver a friendly payload during my regular service, I don't find that hard to swallow. I'm quite pleased when Cox injects this sort of material for me and I'm always eager for more. If you haven't tried Cox, you really should. There's nothing quite so fulfilling or satisfying as Cox.

Re:Is this News?

[theskipper]

Or instead there ought to be a simple way to just opt in. Or they could produce a FF/IE addon. Or put a big notice on their homepage with this info. Or automated social media notifications. Etc.

Messing with DNS to redirect bad domains to ad parking pages is still around but no one cares anymore. However, this is right in the user's face which feels different, like it's an offensive volley, like one ISP is finally ready for war. The first battle in ISPs training users to accept a tainted connection.

In all honesty, I think they picked the perfect application to start the ball rolling. Few average Joe customers would argue against email outage notifications because it seems like it's an important function that the ISP should provide. More importantly users are used to dynamic pages now, it "feels" like a Facebook or Twitter thing. So in their mind it's probably ok, or at least something that would be hard to argue against from a layman's perspective.

So it's a good starting point to start boiling the frog. I'll bet that their internal calculations show no more than one year to completely boil the poor beast (i.e. ad insertions). That's the holy grail.

Re:Is this News?

[DarkTempes]

You can use noscript or any adblock addon to block this.

Look for something like <script src="http://184.178.98.*/static/FloatingContent/243/floating-frame.js" type="text/javascript"></script> in the head.
Craft rules as appropriate.

Re:Is this News?

[craigminah]

Don't want to complain or you might get Cox blocked.

Re:Is this News?

[sjames]

That and they need someone to deliver the last leg on unprofitable routs. More privatized profits and socialized losses.

Re:Is this News?

[religious+freak]

Just remember to pay your bill. Otherwise they'll cut off your Cox.

Re:Is this News?

[paiute]

http://www.esquire.com/blogs/politics/post-office-default-11215023

"In other words, we can no longer have nice things from what is still, in theory, our government, because we have placed what is still, in theory, our government into the hands of vandals and madmen, so the solution is to hand everything over to a private sector that repeatedly has shown that, in the pursuit of an extra nickel in profits, it would sell your grandmother to the Somali pirates and drill an oil-well in Lincoln's nose on Mount Rushmore."

Re:Is this News?

[RMingin]

So... Your Cox has been down more than you'd like, and you can't get your Cox to stay up? Getting rid of it entirely is an option, I suppose, but I keep hearing about medications that claim to keep your Cox up any time you want it up.

Re:Is this News?

[Kjella]

So... Your Cox has been down more than you'd like, and you can't get your Cox to stay up? Getting rid of it entirely is an option, I suppose, but I keep hearing about medications that claim to keep your Cox up any time you want it up.

Well his email is down, so he hasn't been getting any of the many, many, many offers to fix this.

Re:Is this News?

[martin-boundary]

Wrong. Injecting HTML code into an HTTP stream breaks the end-to-end principle. With HTML5 being as complex as it already is and web apps doing all sorts of Weird JavaScript Shit(TM), there is no way anyone can guarantee that adding HTML snippets _anywhere_ won't break a user's session. This isn't fixable on the user end, this is buggy behaviour in the network.

Re:Is this News?

[Grishnakh]

I used to be a Cox customer until last month, because I moved across the country (to where Comcast is the cable provider, and IME they suck far, far worse than Cox, just judging by the few weeks of service I've had with Comcast versus about 7 years with Cox).

This announcement is especially annoying, because it's an outage on some stupid service that no one with a brain would ever use. Seriously, what moron actually uses ISP-provided email in this day and age? What a brilliant idea: as soon as you have to move or change providers for some reason, all your email is suddenly gone, and your email address is defunct, and if you didn't notify everyone in your address book beforehand you're screwed.

Re:Is this News?

[TWX]

If someone's stealing cable from your service line, are they sucking your COX?

They should have warned us

[icebike]

Shouldn't they send an email warning us about injecting stuff in our web traffic?

Re:They should have warned us

[WWJohnBrowningDo]

I just injected a woosh into your HTTP stream.

You should feel it soon; or maybe it'll just go over your head again.

The amusing part

is that it refers to Outlook Express, a mail client that was deprecated over 5 years ago.

Nice single point of attack

Just compromise Cox's servers, and deliver your payload. Very blackhat friendly.

Re:Nice single point of attack

[jomama717]

It's simpler than that, once ISP popups become a regularity blackhats have an incredibly simple popup to copy that people will assume is their ISP, so all must be well. "Click here, and enter your account ID to find out if you are affected"...

In fact, is everyone absolutely certain this is actually Cox and not some malware outbreak masquerading as the ISP?

Illegal?

[Jane+Q.+Public]

"At least I've never seen it before. This is intrusive."

I'm not certain, but isn't there a law against messing with your packet stream, and inserting their own content?

It might depend on your user agreement, but I would never intentionally agree to a provision that would let my ISP alter my content.

Re:Illegal?

[girlintraining]

I'm not certain, but isn't there a law against messing with your packet stream, and inserting their own content?

There used to be. Nowadays is the law is basically "You, pathetic peon citizen. Them, corporation. They win."

My ISP does this for far worse reasons.

[damnbunni]

I use Millenicom, who resells Sprint, and in my area Sprint started injecting JavaScript into every page that comes over HTTP to recompress all the jpegs to a much lower quality setting.

That, at least, I could block. Now they just recompress all jpegs that come over http to a horrible level. If I want to keep the internet from looking like ass, I have to use a secure tunnel. Which is obnoxiously slow on 3G.

(Unfortunately, there's nothing Millenicom can do about it. It's up to Sprint. And there's no opt-out.)

Re:My ISP does this for far worse reasons.

[X0563511]

Yea, it's obnoxiously slow because the images haven't been compressed to shit.

They are trying to hide that your connection is garbage.

I have Sprint myself. Horribly slow.

Raise your hand..

[claar]

Yep, I received this too, right on Netflix. Um, thanks, Cox, but even if I used your email service, I'd really rather watch my movie..

Keep your hands off my traffic, please. Is it too much to ask for you to simply carry my bits back and forth for the agreed-upon amount?

Re:What a crap

[DarkTempes]

You'll care when your ISP starts doing this because no one cared when it happened to others...

First they inject for "emergency notifications" and then next they'll inject for "advertisements to keep your bill down" or something even worse.

Re:Posting from Cox in Irvine, CA

I've seen a lot of people suggest "just use Google DNS", but frankly it's a disturbing trend (unless, naturally, your existing DNS provider is even less trustworthy.)

By using Google's recursive DNS servers you should be aware that you're offering them even more information about your online habits, as if they probably didn't have enough already. I'm pretty sure that a capitalist company like Google isn't offering free recursive DNS for purely altruistic purposes (or just to 'speed up browsing').

It's also no secret that Google are proposing including the original source IP in EDNS in recursive lookups too, again obstensively for routing edge services, but of course it also has that side effect of offering all that extra juicy information to slurp up.

Before I get jumped on as a troll, I'm not anti-Google or pro-anything else, I'm not suggesting you run away from Google and use $competitor, which basically is a choice of no difference, I'm just saying before you decide to move all your services over like that, just think about the disconcerting amount of trust being placed in a company that is in the business of getting as much personal information about you as possible for their ad networks.

Bad practice..

[Nezic]

So now internet companies are essentially trying to train users to trust whatever information shows up on a web page that claims to be from 'known' sources?

After all the problems that spoof emails cause for people who don't know better, you'd think an internet provider *would* know better.

Causing web outage to announce email outage?

[billstewart]

I'm sorry, but if you're injecting Javascript and other text into my web sessions, that's a Web Outage (and a serious security threat.) If you're doing it to announce that your email service is down, that's probably annoying to customers who do use your email service, and much more annoying to customers who don't.

(Unlike many people here, I actually do use my ISP's email service, because it includes a shell account where I'm running procmail, in addition to the spam filtering they do, so email that gets forwarded by my primary email address does go through there. But otherwise I'd be running the filters somewhere else. And it still doesn't justify breaking my http sessions.)

Re:Posting from Cox in Irvine, CA

[DarwinSurvivor]

If you find a way to inject data (in a useful way) into an HTTPS stream without adding your own certificate to the person's computer, there are a LOT of government agencies that would LOVE to talk to you.

More invasive than that

Actually it's far more invasive than that, it means they actually LISTEN to the phone conversation and choose the correct GAP in that conversation to inject their javascript. They don't just randomly shove in javascript into a HTTP socket, they have to be watching the traffic.

So they're giving themselves the basis for monitoring your URL surfing later too.

So when they inject adverts, or sell your surfing habits to others, they can point to this and point out that they've been monitoring web surfing and injecting message 'for service quality purposes' for a long time. And thus the change is actually minor, because you like quality service don't you?

Remember phone logs? Tony Blair demanded that phone records for everyone be kept for 2 years and available on demand, he pushed it through the EU when the UK had the chair. His argument was that 'this data is already kept for billing purposes so it changes nothing'. So he opened the basis for spying on everyone, just in case sometime in future they commit a crime. And his lawyer game was, "well it's recorded for billing" so it's only a minor change. The minor change being to keep it for 2 years and replace the warrant with a RIPA letter from one of Murdochs employees in the police.

Your surfing is already monitored, so it makes no difference if we also monitor it on behalf of Govt/RIAA/Voting Corp/Marketing Corp/Fox News/News International...