WindowsSecrets is NOT SECURE! REALLY?

Topic

New Reply

My Win10 is set to automatic update.
I have a Verizon FIOS account and use Verizon’s email system.

Last week I noticed in the URL window (upper left) on some websites the LOCK had a slash.

I also noticed that on most sites, the SIGN-IN was accompanied by a DropDown which said “this site is not secure or something like that” and at the bottom of the DropDown was my usual User Name for that site.

Today, when I tried to LOGIN to WindowsSecrets, I got the same message.

In addition, my Sister on the other side of the continent from whom I get and send regular emails noticed that instead of my emails with my name in the header that it was listed as vznitXXXXXX with X being a 6 digit number followed by .mailsrvcs.net When I looked that up, it was ascribed to Verizon webmail Anyone know what is going on????

Reply | Quote

Replies

Are you using Firefox as I’m seeing that behaviour in my copy since an upgrade a day or so ago? If you click on the exclamation mark next to the go back button at top left it tells you that WS isn’t secure. But you don’t use its password on other sites do you? There’s thread about lack of security in WS.

Eliminate spare time: start programming PowerShell

Reply | Quote

Thank You, MDB:

Yes, I use Firefox. And yes, now that you mention it I recall that FireFox stalled on startup the other day and that it was looking for Mobile Phone number info.

No, I use a unique password for WS, but I DO use the same USER NAME on quite a few hobbiest forums (I don’t do any social media).

Yes, the back button indicates a lack of security.
——————-
Do you or anyone have any clues as to why my outgoing Verizon emails (logged in to Verizon through Firefox) are from vznitxxxxxx.mailsrvcs.net as the sender rather than me? If I got an email from THAT header, I would just delete it. I sent an email to myself and when it came back, it was FROM: vznitxxxxxx.mailsrvcs.net. When I opened the email, it said it was from me as previously.

BTW, I use Malwarebytes and Kaspersky and update the database daily and nothing appears there.

I have noticed INTRUSIVE messages from MS that Edge IS MORE SECURE than FireFox and a “hook” to click to switch !!! Not that I am harboring any conspiracy theories.

Paul

I had not seen that WS insecurity posting. Thank you for that.

Reply | Quote

This may be the answer:
Effective April 17, 2017, we’ll no longer provide verizon.net email service. Other than this change, your Verizon service(s) won’t be affected.

We have two options for you to consider. Please review both options and take action today to avoid losing access to your email.
1) Send everything to AOL and keep your existing email address, your emails, and your address book.
2) Just go away and start over.
from PayMore, GetLess Verizon.

Reply | Quote

It has nothing to do with how good your password is or whether you use it on other sites.

Look at the address bar on any page where you’re not logged in and are being asked to log in. It is not https:// (SSL/TLS). Not an encrypted connection. That means when you enter your password it could be intercepted.

Google is currently sending messages to all sites requiring log-in that at the very least the log-in page(s) MUST be https://

This site is apparently not in compliance with that yet.

Reply | Quote

The point I was making is that one should have unique passwords on all sites. If someone intercepts the password on a site like this will then try to use it on other sites – so if it isn’t reused then they won’t succeed.

Eliminate spare time: start programming PowerShell

Reply | Quote