Cox Comm. Injects Code Into Web Traffic To Announce Email Outage
An anonymous reader writes "Cox Communications appears to be injecting JavaScript and HTML into subscribers' traffic, as part of their effort to announce an email service outage. Pictures showing the popup."
Nice single point of attack (Score:5, Interesting)
Just compromise Cox's servers, and deliver your payload. Very blackhat friendly.
Re:Is this News? (Score:5, Interesting)
Alternative title: Cox acting like a bunch of dicks.
My ISP does this for far worse reasons. (Score:5, Interesting)
I use Millenicom, who resells Sprint, and in my area Sprint started injecting JavaScript into every page that comes over HTTP to recompress all the jpegs to a much lower quality setting.
That, at least, I could block. Now they just recompress all jpegs that come over HTTP to a horrible level. If I want to keep the internet from looking like ass, I have to use a secure tunnel. Which is obnoxiously slow on 3G.
(Unfortunately, there's nothing Millenicom can do about it. It's up to Sprint. And there's no opt-out.)
Re:Is this News? (Score:3, Interesting)
Why aren't UPS and Fedex suing the Post Office?
They have found it much more promising to give contributions to certain members of Congress to burden the USPS with debt so they sink and clear the way for UPS and Fedex to take over.
Re:Is this News? (Score:5, Interesting)
Or instead there ought to be a simple way to just opt in. Or they could produce a FF/IE addon. Or put a big notice on their homepage with this info. Or automated social media notifications. Etc.
Messing with DNS to redirect bad domains to ad parking pages is still around but no one cares anymore. However, this is right in the user's face which feels different, like it's an offensive volley, like one ISP is finally ready for war. The first battle in ISPs training users to accept a tainted connection.
In all honesty, I think they picked the perfect application to start the ball rolling. Few average Joe customers would argue against email outage notifications because it seems like it's an important function that the ISP should provide. More importantly users are used to dynamic pages now, it "feels" like a Facebook or Twitter thing. So in their mind it's probably ok, or at least something that would be hard to argue against from a layman's perspective.
So it's a good starting point to start boiling the frog. I'll bet that their internal calculations show no more than one year to completely boil the poor beast (i.e. ad insertions). That's the holy grail.
Re:Illegal? (Score:2, Interesting)
> I'm not certain, but isn't there a law against messing with your packet stream, and inserting their own content?
It's a copyright violation at least. The website you visit owns the copyright on the page it serves... they are creating a derivative work by adding their own stuff to that page. I am sure that they don't have the authorization to do that from the copyright owners.
Unfortunately... the group serving the page is the one harmed in this, so they are the only ones with standing to seek a remedy. The consumer of the page has none.
Re:Is this News? (Score:4, Interesting)
I used to be a Cox customer until last month, because I moved across the country (to where Comcast is the cable provider, and IME they suck far, far worse than Cox, just judging by the few weeks of service I've had with Comcast versus about 7 years with Cox).
This announcement is especially annoying, because it's an outage on some stupid service that no one with a brain would ever use. Seriously, what moron actually uses ISP-provided email in this day and age? What a brilliant idea: as soon as you have to move or change providers for some reason, all your email is suddenly gone, and your email address is defunct, and if you didn't notify everyone in your address book beforehand you're screwed.
Re:Is this News? (Score:3, Interesting)
Absolutely, the USPS should be responsible for funding pensions and retiree health care just like any other governmental or private entity.
But that's the problem - so far as I can tell, they've had stricter funding requirements related to future retiree health care than any other entity. This was imposed by Congress in 2006.
Here's an article --> http://www.huffingtonpost.com/ron-bloom/reality-check-postal-service_b_1927634.html
Re:Nice single point of attack (Score:5, Interesting)
In fact, is everyone absolutely certain this is actually Cox and not some malware outbreak masquerading as the ISP?