[Discuss] Temporarily disable check for messages in Thunderbird

stephen hawkes sghawkes at shaw.ca
Thu Nov 2 09:52:18 PST 2006 

What blows my mind is how much money these companies make and why they 
don't just buy some frigging ssl certs. Heck get some self signed ones 
for all I care.

I had a discussion with someone I know that was a shaw tech locally 
(since moved to calgary) about the poor encryption on their webmail and 
lack of it on their pop access. The excuse for 64bit ssl on the webmail 
was so that you can access your email from any country, since higher 
encryption might not be usable. I know there are laws about exporting 
products with certain levels of encryption from the US (so IE would be 
affected maybe?), but I'm pretty sure I could find a web browser that 
would work in any country. Heck they could do the same thing as uvic 
webmail and let you choose between encrypted or not.

 The excuse for not having any ecryption on their pop server was that 
you connect through your shaw modem which goes "directly" to the shaw 
server. I brought up wireless connections, as many people have wireless 
at home now. His reply: Use wep or wpa. Well not all people know how to 
set that up (judging by the amount of open APs around me right now) and 
wep is trivial to break.

Anyhow, from his responses it seemed like they had replies ready (even 
if they are poor ones) and don't really care to do anything about it. I 
guess they have few enough problems that the cost isn't justified.

Adam Parkin wrote:
> stephen hawkes wrote:
>> Yeah I have it setup to not check any of the unsecure ones at startup 
>> (so my gmail and such still automatically get check no matter where I 
>> am and shaw isn't, don't get me started on them and their email), 
>> then when I am at home I just hit get all new messages. Works well 
>> enough.
>
> Yeah I think this is what I'm going to do as well.  I'm actually 
> thinking I might just set the Telus accts so that they have to 
> be(theoretically some countries I would go to wouldn't have web 
> browsers that can handle higher? checked manually, as I might hit 
> CTRL+ALT+T while at school not realizing that that would check the 
> Telus accts along with my secure accounts.
>
> What would be really cool is if somehow TB could detect if your 
> wireless connection was secure or not (ie used something like WEP) and 
> only checked issecure accounts if the connection was secure.  
> (although any way you shake it POP is inheritently insecure unless 
> it's done over SSL, it's just that it's *really really* insecure when 
> done without SSL over an open wireless connection)
>
> As for Shaw and poor e-mail service, try Telus sometime and you'll be 
> glad you're with Shaw. =;->  No IMAP, no secure POP, logins must be 
> with your "real" user id (which is typically something cryptic like 
> a9a2343c), webmail interface is insecure (no SSL encryption), outgoing 
> mail must go through the smtp.telus.net server, your POP password for 
> your primary e-mail account has to be the same as the one for your 
> Internet service account (which includes access to information such as 
> your credit card if you pay by CC), can't remember if this is still 
> true or not, but IIRC it used to be that you had to use the same 
> password for all of your Telus e-mail accounts (so if one is hacked, 
> they're all hacked), etc.

More information about the Discuss mailing list