We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Sites with mixed encryption are re-directed to Fileinxt.com. Why can't I just display encrypted content?

  • 7 个回答
  • 10 人有此问题
  • 2 次查看
  • 最后回复者为 socalmonk

more options

When I visit Boostmobile.com and try to log into my account, I am redirected to Fileinxt.com, and get pop-up windows as well. I can block the pop-ups, no problem. This bug doesn't affect IE8, which I don't especially like, because when I go to the page using IE8, IE8 asks me if I want to see just the encrypted content or all the content. I opt for just encrypted, and no problem. If I opt for both encrypted and un-encrypted content, I get sent off into Fileinxt.com land. So it's a web page bug that exploits a weakness in Firefox (all version) and, apparently, Google Chrome as well. I have un-installed and re-installed Firefox, no change. Is my computer actually harboring a virus. or is this exploit just a weakness in Firefox (and reportedly in Google Chrome)?

When I visit [[Boostmobile.com]] and try to log into my account, I am redirected to [[Fileinxt.com]], and get pop-up windows as well. I can block the pop-ups, no problem. This bug doesn't affect IE8, which I don't especially like, because when I go to the page using IE8, IE8 asks me if I want to see just the encrypted content or all the content. I opt for just encrypted, and no problem. If I opt for both encrypted and un-encrypted content, I get sent off into [[Fileinxt.com]] land. So it's a web page bug that exploits a weakness in Firefox (all version) and, apparently, Google Chrome as well. I have un-installed and re-installed Firefox, no change. Is my computer actually harboring a virus. or is this exploit just a weakness in Firefox (and reportedly in Google Chrome)?

由socalmonk于修改

所有回复 (7)

more options

I don't see anything strange when I go to the login pages, but I can't actually log in. Does the problem occur when you visit these pages, or only after logging in?

https://apps.boostmobile.com/boostApp/accountLogin.do
https://apps.boostmobile.com/boostApp/myLogin.do

more options

I found a solution. I have Adblock Plus installed. I just added the offending address, Fileinxt.com to my filter list (Easylist). The problem occurs after I enter my username and password. That is when the re-direction happens. Thank you for your timely response.

由socalmonk于修改

more options

This issue was the result of an attack on the boostmobile.com site. While the attack was in place (it's since been fixed), the https response from the site contained a reference to insecure javascript at a 3rd party site. That javascript would ultimately result in a hijack of the browser session. Since the javascript was from a 3rd party site, presumably under the control of the attacker, it could have done more than just load ads - it could have captured, for example, any of the information displayed on the boostmobile.com site.

So, also, change your boostmobile.com password. Note, though, that passwords for the site are laughably insecure: four digits!

more options
more options

I figured that out when I opened the page in my BlackBerry and it was OK (Opera Mini) and then double-checked it in IE8. IE8 didn't ask if I wanted to display all content or just encrypted. Even with the "My Account" page open, there ain't much to see. I can't, for examole, display the full number of a registered payment instrument like a credit or debit card, or a bank account, unless I am entering a new one, and then I can only see the one I'm entering. Boost doesn't have a way to withdraw funds once they're in.

more options

Your question was about being re-directed to another site. What does your last response have to do with that issue??

由Helper7677于修改

more options

It was a response to mbdSeattle. He explained that the problem was not a virus on my computer, but an attack on the Boostmobile.com website that re-directed my browser. I had surmised that because it not only affected Firefox (all the versions I tried), but IE8 as well, if I allowed the browser to display non-encrypted content on the (secure) website in question. It also affected Opera Mini on my Unix-powered Blackberry, as well as reportedly affecting Mac's as well as pc's. I could work around the hi-jack by only displaying encrypted content on the site in IE8, by adding Fileinxt.com to my filter list in Adblock Plus for Firefox, but had no work around for Opera Mini on the BB. So when I visited the site with my BB and it displayed correctly, I figured the Boostmobile website admins were aware of the attack ( I queried them as to whether the page was infected, and would guess others did as well) and patched the hole. I further responded to mbdSeattle's comment on the security of the Boostmobile.com website. Should also add that I scanned with AVG 2011 and Malwarebytes, and neither program found anything amiss.

由socalmonk于修改