Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




762 posts

Ultimate Geek
+1 received by user: 64


Topic # 28590 5-Dec-2008 10:00
Send private message

My wife & I moan at the poor performance of Xnet webmail which has been going on for quite some time, what is the issue with it & why is it taking so long to resolve permantly ?

And when will Xnet take their customers security seriously and get a SSL cert for the site - WxC must be the only ISP who does not have secure webmail !

Quite frustrating


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
3267 posts

Uber Geek
+1 received by user: 77

Trusted

  Reply # 182262 5-Dec-2008 12:31
Send private message

I use "webmail2" a lot and find it slightly slow, but not enough to raise any complaint.  It certainly is a lot faster than downloading Hotmail e-mails via POP.  Perhaps it uses a large plug-in and your virus scanner takes a long time to check it, or the IE ant-phishing scanner is slow?

The only complaint I have with it is that it will not show the correct number of unread messages until you change to a different folder and then back to the inbox.




You can never have enough Volvos!




762 posts

Ultimate Geek
+1 received by user: 64


  Reply # 182278 5-Dec-2008 13:09
Send private message

Niel: I use "webmail2" a lot and find it slightly slow, but not enough to raise any complaint.  It certainly is a lot faster than downloading Hotmail e-mails via POP.  Perhaps it uses a large plug-in and your virus scanner takes a long time to check it, or the IE ant-phishing scanner is slow?

The only complaint I have with it is that it will not show the correct number of unread messages until you change to a different folder and then back to the inbox.


My wife and I don't like to use webmail2 as it does not have anywhere near the number of features as the old webmail [old-webmail.xnet.co.nz] old-webmail has full calendar, tasks, comprehensive address books and does not bold unread spam and allow me to send from all my email alias which the new one does not

and the lack of https...

ps: they are currently having webmail problems [again] as it does not work at present refer to the network status ticker on there homepage. Webmail has had issues since this morning and it has been a number of hours now...

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
Phil Gale
1107 posts

Uber Geek
+1 received by user: 44

Trusted
Red Jungle
Subscriber

  Reply # 182319 5-Dec-2008 15:31
Send private message

Once again: Google Apps for your domain is free, ISP independant, secured by SSL and supports webmail or POP/IMAP.




Red Jungle: we make fantastic software

RSS  Twitter  Facebook  Skype

6314 posts

Uber Geek
+1 received by user: 379

Moderator
Trusted
Lifetime subscriber

  Reply # 182338 5-Dec-2008 16:23
Send private message

xlinknz:And when will Xnet take their customers security seriously and get a SSL cert for the site - WxC must be the only ISP who does not have secure webmail !


What exactly is in your emails that it must be encrypted in transit between WxC and your browser?  SSL adds an overhead to every request as data must be encrypted before being sent to you.

SSL is really only needed for online banking.

29 posts

Geek


  Reply # 182371 5-Dec-2008 19:47
Send private message

One other alternative if you need web-based access would be to set Gmail up to retrieve your Xnet mailbox via POP - this solution seems to work well for me. Gmail has nice spam filters too :)

Nate wants an iphone
3901 posts

Uber Geek
+1 received by user: 28

Mod Emeritus
Trusted
Lifetime subscriber

Reply # 182372 5-Dec-2008 19:58
Send private message

nate:
SSL is really only needed for online banking.


You are serious? Right?




webhosting |New Zealand connectionsgeekzone IRC chat
Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!


3267 posts

Uber Geek
+1 received by user: 77

Trusted

  Reply # 182375 5-Dec-2008 20:22
Send private message

shadenz: One other alternative if you need web-based access would be to set Gmail up to retrieve your Xnet mailbox via POP - this solution seems to work well for me. Gmail has nice spam filters too :)


Have you read their T&C?  They can use any data going through their servers for whatever purpose they want...  But I agree, Google has very good applications/services.




You can never have enough Volvos!


6314 posts

Uber Geek
+1 received by user: 379

Moderator
Trusted
Lifetime subscriber

Reply # 182409 6-Dec-2008 00:46
Send private message

cokemaster: You are serious? Right?


I am serious.

SSL on webmail is like retrieving money from a bank under heavy guard, when it's been trucked there on the back of open utes.  There are much better technologies for encrypting an email from point A to point B (using keys) which would provide more security.  Having said that, if you need to encrypted your emails, you are probably sending data which you shouldn't be sending via email in the first place.

I'm happy to change my original post to "SSL is really only needed for online banking AND when other sensitive account details are being transferred"

Happy now? Cool

Phil Gale
1107 posts

Uber Geek
+1 received by user: 44

Trusted
Red Jungle
Subscriber

  Reply # 182436 6-Dec-2008 08:31
Send private message

I tend to agree - and I actually think SSL gives a lot of people a real false sense of security. There is a real lack of understanding from average users around what SSL actually is and does, and in my experience people assume when they see the 'padlock' in their browser that means the site is completely legit and their data is completely safe - which just isn't the case.

Top this off with the absolutely rediculous pricing model most SSL providers have in order to be issued a certificate.

/End SSL rant.




Red Jungle: we make fantastic software

RSS  Twitter  Facebook  Skype

BDFL - Memuneh
60245 posts

Uber Geek
+1 received by user: 11298

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 182438 6-Dec-2008 08:40
Send private message

Yes, the SSL security is false... In this specific case at least.

It only prevents people to see your username and password between the browser and the server. The emails have already travelled around the world in the open - they are not encrypted between servers so if anyone wanted they already read those messages.

A lot of people ask me "It's ok to give my credit card then, there's a padlock here"... Which is sad. The padlock just means the site owner bought a SSL certificate. It doesn't mean their security is any good - after you submit your credit card details for example, who can say that this data is not stored on a database that's accessible from outside? Who can guarantee this database has proper storage encyption? Who can guarantee an employee is not copying that data to a USB memory key and walking away with it?

SSL does not guarantee anything but security between your browser and the server. After this (or before this if your PC is infected with keyloggers) there's nothing safe on the Internet.




21012 posts

Uber Geek
+1 received by user: 4155

Trusted
Subscriber

  Reply # 182570 7-Dec-2008 11:24
Send private message

I read some survey before that had users putting more faith in a padlock icon on the page beside the fields then the one the browser supplies. Was a few years back so the changes that have happened with the addressbar may change the results, but the end result is that users are stupid when it comes to believing what the computer tells them.

The only time I dont like to use non ssl website auth is at public wlans since it is so easy for people to snatch them from the air. That is why there should be at least a secure signon for things that may contain personal information like email.




Richard rich.ms

3267 posts

Uber Geek
+1 received by user: 77

Trusted

  Reply # 182974 9-Dec-2008 13:16
Send private message

There is now a secure option.  Since it is an option, I'm guessing that they have a good reason for not having it secure in the first place.




You can never have enough Volvos!




762 posts

Ultimate Geek
+1 received by user: 64


Reply # 183008 9-Dec-2008 15:02
Send private message

freitasm: Yes, the SSL security is false... In this specific case at least.

It only prevents people to see your username and password between the browser and the server. The emails have already travelled around the world in the open - they are not encrypted between servers so if anyone wanted they already read those messages.


Mauricio, in a website that uses https for all pages all packets are encrypted between the client and the server. Therefore for a webmail site that remains https all the email & content [except the intial request packets before the ssl cert is exchanged] are encrypted regardless of how many networks and routes are transversed
 
Note some websites only use https for a login page in which case only the authetication [username & password] is encrypted.

Niel: There is now a secure option.  Since it is an option, I'm guessing that they have a good reason for not having it secure in the first place.


Yes I noticed over the weekend WxC finally and to their credit Laughinghave offered https webmail interface which will ensure all packets [& emails] are encrypted. I suspect in time they will drop the non secure option as yahoo did sometime back.

I suspect the reason that WxC did not have a secure option previously is that it was not a high priority to them but they now recognise the need to meet best practise for any ISP.


6314 posts

Uber Geek
+1 received by user: 379

Moderator
Trusted
Lifetime subscriber

  Reply # 183025 9-Dec-2008 15:37
Send private message

xlinknz:
freitasm: Yes, the SSL security is false... In this specific case at least.

It only prevents people to see your username and password between the browser and the server. The emails have already travelled around the world in the open - they are not encrypted between servers so if anyone wanted they already read those messages.


Mauricio, in a website that uses https for all pages all packets are encrypted between the client and the server. Therefore for a webmail site that remains https all the email & content [except the intial request packets before the ssl cert is exchanged] are encrypted regardless of how many networks and routes are transversed


Yes that is true, but the data is only encrypted from your browser to the webmail server.  What Mauricio is talking about is the delivery of the email from the sender's computer to your email server.

For example, imagine I am sending an email to you from Xtra.  Assuming I'm using standard SMTP, the email would be transmitted unencrypted from my computer to Xtra's email servers.  From there, it would be transferred (again unencrypted) to WxC's email server.  It would be stored on their email server (unencrypted) until you connected and downloaded it.

As you can see, it's fine on the final path from their webmail to your browser, but you still have a lot of encrypted hops along the way (and this is a direct server to server path, there would be more vulnerabilities if the email passed through a couple of relays on the way).

My concern is what are you sending/receiving that is sensitive?  I've seen it too often, clients transferring sensitive info such as credit cards via email.  While the possibility of interception is low, it is still a very silly mistake to be making.


3267 posts

Uber Geek
+1 received by user: 77

Trusted

  Reply # 183029 9-Dec-2008 15:46
Send private message

nate: Yes that is true, but the data is only encrypted from your browser to the webmail server.  What Mauricio is talking about is the delivery of the email from the sender's computer to your email server.


And the default for Outlook Express is not to use encryption.  Most people use OE, so most e-mail downloads are unsecure anyway.




You can never have enough Volvos!


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UpStarters - the New Zealand tech and innovation story
Posted 21-May-2018 09:55


Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09


Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00


D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30


New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17


Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14


Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Framing Facebook: It’s not about technology
Posted 14-May-2018 16:02


Vocus works with NZ Police and telcos to stop scam calls
Posted 12-May-2018 11:12


Vista Group signs Aeon Entertainment, largest cinema chain in Japan
Posted 11-May-2018 21:41


New Privacy Trust Mark certifies privacy and customer control
Posted 10-May-2018 14:16


New app FIXR connects vehicle owners to top Mechanics at best prices
Posted 10-May-2018 14:13


Nutanix Beam gives enterprises control of the cloud
Posted 10-May-2018 14:09


D-Link ANZ launches Covr Seamless Wi-Fi System
Posted 10-May-2018 14:06


Telstra, Intel and Ericsson demonstrate a 5G future for esports
Posted 10-May-2018 13:59



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.