Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

IOL Webmail service not secure

  • 24-07-2018 5:20pm
    #1
    smar
    Registered Users, Registered Users 2 Posts: 14


    When I access my emails on the IOL website this message pops up when I put in my email address: "This connection is not secure. Logins entered here could be compromised." Does that mean I should not use this website at all? Is there an alternative for remotely accessing IOL emails?


Comments

  • #2
    Dermot Illogical
    Registered Users, Registered Users 2 Posts: 3,131 ✭✭✭Dermot Illogical


    There's a blast from the past! :eek:

    They haven't implemented https for the site, so all your data is transmitted in plain text and is completely insecure. I wouldn't hold out much hope for there being any security worth talking about on IOL. It's all a bit 1990's.


  • #3
    [Deleted User]
    Posts: 11,614 ✭✭✭✭ [Deleted User]


    Dermot Illogical wrote: »
    They haven't implemented https for the site, so all your data is transmitted in plain text and is completely insecure. I wouldn't hold out much hope for there being any security worth talking about on IOL. It's all a bit 1990's.

    To be fair, email isnt encrypted by default anyway. Them not implementing https means someone could sniff the posters credentials, but their email will get sent in clear text either way.


  • #4
    Dermot Illogical
    Registered Users, Registered Users 2 Posts: 3,131 ✭✭✭Dermot Illogical


    Deleted User wrote: »
    To be fair, email isnt encrypted by default anyway. Them not implementing https means someone could sniff the posters credentials, but their email will get sent in clear text either way.

    It's basically just a web page. So only traffic sent over http is plain text.


  • #5
    [Deleted User]
    Posts: 11,614 ✭✭✭✭ [Deleted User]


    Dermot Illogical wrote: »
    It's basically just a web page. So only traffic sent over http is plain text.

    Yes its a webpage which sends email, but email by default is plaintext.

    Modern mail servers use Transport Layer Security (TLS) to prevent sniffing on the transport layer, but I just tested iol's three mail servers and none of them support TLS(or certificate, or SSL). Implementing HTTPS on the website won't fix their email insecurities.

    OP, currently sending email via IOL is a bit like sending correspondence via postcard.


  • #6
    Blowfish
    Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Even aside from the lack of TLS, they aren't filtering against even the most basic XSS on the login page.

    Realistically BT aren't going to bother with securing or modernising it and are likely to switch it off at some point or other so get out while you can OP if you've anything you care about on there.


  • Advertisement
Advertisement