Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


xlinknz

998 posts

Ultimate Geek

Trusted

#28590 5-Dec-2008 10:00
Send private message

My wife & I moan at the poor performance of Xnet webmail which has been going on for quite some time, what is the issue with it & why is it taking so long to resolve permantly ?

And when will Xnet take their customers security seriously and get a SSL cert for the site - WxC must be the only ISP who does not have secure webmail !

Quite frustrating


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Niel
3267 posts

Uber Geek

Trusted

  #182262 5-Dec-2008 12:31
Send private message

I use "webmail2" a lot and find it slightly slow, but not enough to raise any complaint.  It certainly is a lot faster than downloading Hotmail e-mails via POP.  Perhaps it uses a large plug-in and your virus scanner takes a long time to check it, or the IE ant-phishing scanner is slow?

The only complaint I have with it is that it will not show the correct number of unread messages until you change to a different folder and then back to the inbox.




You can never have enough Volvos!


xlinknz

998 posts

Ultimate Geek

Trusted

  #182278 5-Dec-2008 13:09
Send private message

Niel: I use "webmail2" a lot and find it slightly slow, but not enough to raise any complaint.  It certainly is a lot faster than downloading Hotmail e-mails via POP.  Perhaps it uses a large plug-in and your virus scanner takes a long time to check it, or the IE ant-phishing scanner is slow?

The only complaint I have with it is that it will not show the correct number of unread messages until you change to a different folder and then back to the inbox.


My wife and I don't like to use webmail2 as it does not have anywhere near the number of features as the old webmail [old-webmail.xnet.co.nz] old-webmail has full calendar, tasks, comprehensive address books and does not bold unread spam and allow me to send from all my email alias which the new one does not

and the lack of https...

ps: they are currently having webmail problems [again] as it does not work at present refer to the network status ticker on there homepage. Webmail has had issues since this morning and it has been a number of hours now...

 
 
 
 


RedJungle
Phil Gale
1108 posts

Uber Geek

Trusted
Red Jungle
Subscriber

  #182319 5-Dec-2008 15:31
Send private message

Once again: Google Apps for your domain is free, ISP independant, secured by SSL and supports webmail or POP/IMAP.




Red Jungle: we make fantastic software

RSS  Twitter  Facebook  Skype

nate
6408 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #182338 5-Dec-2008 16:23
Send private message

xlinknz:And when will Xnet take their customers security seriously and get a SSL cert for the site - WxC must be the only ISP who does not have secure webmail !


What exactly is in your emails that it must be encrypted in transit between WxC and your browser?  SSL adds an overhead to every request as data must be encrypted before being sent to you.

SSL is really only needed for online banking.

shadenz
29 posts

Geek


  #182371 5-Dec-2008 19:47
Send private message

One other alternative if you need web-based access would be to set Gmail up to retrieve your Xnet mailbox via POP - this solution seems to work well for me. Gmail has nice spam filters too :)

cokemaster
Nate wants an iphone
3942 posts

Uber Geek

Retired Mod
Trusted
Lifetime subscriber

#182372 5-Dec-2008 19:58
Send private message

nate:
SSL is really only needed for online banking.


You are serious? Right?




webhosting

Loose lips may sink ships - Be smart - Don't post internal/commercially sensitive or confidential information!


Niel
3267 posts

Uber Geek

Trusted

  #182375 5-Dec-2008 20:22
Send private message

shadenz: One other alternative if you need web-based access would be to set Gmail up to retrieve your Xnet mailbox via POP - this solution seems to work well for me. Gmail has nice spam filters too :)


Have you read their T&C?  They can use any data going through their servers for whatever purpose they want...  But I agree, Google has very good applications/services.




You can never have enough Volvos!


 
 
 
 


nate
6408 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

#182409 6-Dec-2008 00:46
Send private message

cokemaster: You are serious? Right?


I am serious.

SSL on webmail is like retrieving money from a bank under heavy guard, when it's been trucked there on the back of open utes.  There are much better technologies for encrypting an email from point A to point B (using keys) which would provide more security.  Having said that, if you need to encrypted your emails, you are probably sending data which you shouldn't be sending via email in the first place.

I'm happy to change my original post to "SSL is really only needed for online banking AND when other sensitive account details are being transferred"

Happy now? Cool

RedJungle
Phil Gale
1108 posts

Uber Geek

Trusted
Red Jungle
Subscriber

  #182436 6-Dec-2008 08:31
Send private message

I tend to agree - and I actually think SSL gives a lot of people a real false sense of security. There is a real lack of understanding from average users around what SSL actually is and does, and in my experience people assume when they see the 'padlock' in their browser that means the site is completely legit and their data is completely safe - which just isn't the case.

Top this off with the absolutely rediculous pricing model most SSL providers have in order to be issued a certificate.

/End SSL rant.




Red Jungle: we make fantastic software

RSS  Twitter  Facebook  Skype

freitasm
BDFL - Memuneh
68873 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

#182438 6-Dec-2008 08:40
Send private message

Yes, the SSL security is false... In this specific case at least.

It only prevents people to see your username and password between the browser and the server. The emails have already travelled around the world in the open - they are not encrypted between servers so if anyone wanted they already read those messages.

A lot of people ask me "It's ok to give my credit card then, there's a padlock here"... Which is sad. The padlock just means the site owner bought a SSL certificate. It doesn't mean their security is any good - after you submit your credit card details for example, who can say that this data is not stored on a database that's accessible from outside? Who can guarantee this database has proper storage encyption? Who can guarantee an employee is not copying that data to a USB memory key and walking away with it?

SSL does not guarantee anything but security between your browser and the server. After this (or before this if your PC is infected with keyloggers) there's nothing safe on the Internet.




 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


richms
23681 posts

Uber Geek

Trusted
Subscriber

  #182570 7-Dec-2008 11:24
Send private message

I read some survey before that had users putting more faith in a padlock icon on the page beside the fields then the one the browser supplies. Was a few years back so the changes that have happened with the addressbar may change the results, but the end result is that users are stupid when it comes to believing what the computer tells them.

The only time I dont like to use non ssl website auth is at public wlans since it is so easy for people to snatch them from the air. That is why there should be at least a secure signon for things that may contain personal information like email.




Richard rich.ms

Niel
3267 posts

Uber Geek

Trusted

  #182974 9-Dec-2008 13:16
Send private message

There is now a secure option.  Since it is an option, I'm guessing that they have a good reason for not having it secure in the first place.




You can never have enough Volvos!


xlinknz

998 posts

Ultimate Geek

Trusted

#183008 9-Dec-2008 15:02
Send private message

freitasm: Yes, the SSL security is false... In this specific case at least.

It only prevents people to see your username and password between the browser and the server. The emails have already travelled around the world in the open - they are not encrypted between servers so if anyone wanted they already read those messages.


Mauricio, in a website that uses https for all pages all packets are encrypted between the client and the server. Therefore for a webmail site that remains https all the email & content [except the intial request packets before the ssl cert is exchanged] are encrypted regardless of how many networks and routes are transversed
 
Note some websites only use https for a login page in which case only the authetication [username & password] is encrypted.

Niel: There is now a secure option.  Since it is an option, I'm guessing that they have a good reason for not having it secure in the first place.


Yes I noticed over the weekend WxC finally and to their credit Laughinghave offered https webmail interface which will ensure all packets [& emails] are encrypted. I suspect in time they will drop the non secure option as yahoo did sometime back.

I suspect the reason that WxC did not have a secure option previously is that it was not a high priority to them but they now recognise the need to meet best practise for any ISP.


nate
6408 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #183025 9-Dec-2008 15:37
Send private message

xlinknz:
freitasm: Yes, the SSL security is false... In this specific case at least.

It only prevents people to see your username and password between the browser and the server. The emails have already travelled around the world in the open - they are not encrypted between servers so if anyone wanted they already read those messages.


Mauricio, in a website that uses https for all pages all packets are encrypted between the client and the server. Therefore for a webmail site that remains https all the email & content [except the intial request packets before the ssl cert is exchanged] are encrypted regardless of how many networks and routes are transversed


Yes that is true, but the data is only encrypted from your browser to the webmail server.  What Mauricio is talking about is the delivery of the email from the sender's computer to your email server.

For example, imagine I am sending an email to you from Xtra.  Assuming I'm using standard SMTP, the email would be transmitted unencrypted from my computer to Xtra's email servers.  From there, it would be transferred (again unencrypted) to WxC's email server.  It would be stored on their email server (unencrypted) until you connected and downloaded it.

As you can see, it's fine on the final path from their webmail to your browser, but you still have a lot of encrypted hops along the way (and this is a direct server to server path, there would be more vulnerabilities if the email passed through a couple of relays on the way).

My concern is what are you sending/receiving that is sensitive?  I've seen it too often, clients transferring sensitive info such as credit cards via email.  While the possibility of interception is low, it is still a very silly mistake to be making.


Niel
3267 posts

Uber Geek

Trusted

  #183029 9-Dec-2008 15:46
Send private message

nate: Yes that is true, but the data is only encrypted from your browser to the webmail server.  What Mauricio is talking about is the delivery of the email from the sender's computer to your email server.


And the default for Outlook Express is not to use encryption.  Most people use OE, so most e-mail downloads are unsecure anyway.




You can never have enough Volvos!


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News »

Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.