Sites with mixed encryption are re-directed to Fileinxt.com. Why can't I just display encrypted content?

  • 7 replies
  • 10 have this problem
  • 2 views
  • Last reply by socalmonk

When I visit Boostmobile.com and try to log into my account, I am redirected to Fileinxt.com, and get pop-up windows as well. I can block the pop-ups, no problem. This bug doesn't affect IE8, which I don't especially like, because when I go to the page using IE8, IE8 asks me if I want to see just the encrypted content or all the content. I opt for just encrypted, and no problem. If I opt for both encrypted and un-encrypted content, I get sent off into Fileinxt.com land. So it's a web page bug that exploits a weakness in Firefox (all versions) and, apparently, Google Chrome as well. I have un-installed and re-installed Firefox, no change. Is my computer actually harboring a virus, or is this exploit just a weakness in Firefox (and reportedly in Google Chrome)?

Modified by socalmonk

All Replies (7)

I don't see anything strange when I go to the login pages, but I can't actually log in. Does the problem occur when you visit these pages, or only after logging in?

https://apps.boostmobile.com/boostApp/accountLogin.do
https://apps.boostmobile.com/boostApp/myLogin.do

I found a solution. I have Adblock Plus installed. I just added the offending address, Fileinxt.com, to my filter list (Easylist). The problem occurs after I enter my username and password. That is when the re-direction happens. Thank you for your timely response.

Modified by socalmonk

This issue was the result of an attack on the boostmobile.com site. While the attack was in place (it's since been fixed), the HTTPS response from the site contained a reference to insecure JavaScript at a 3rd party site. That JavaScript would ultimately result in a hijack of the browser session. Since the JavaScript was from a 3rd party site, presumably under the control of the attacker, it could have done more than just load ads - it could have captured, for example, any of the information displayed on the boostmobile.com site.

So, also, change your boostmobile.com password. Note, though, that passwords for the site are laughably insecure: four digits!
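
The condition described in the answer above, an HTTPS page that references script over plain HTTP from another host, can be checked from a page's HTML. The following is an added example and not part of any post in this thread; the sample page and all host names in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose fetched resource can run code or restyle the page ("active"
# content), mapped to the attribute that carries the URL.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src",
          "object": "data", "link": "href"}

class MixedContentAudit(HTMLParser):
    """Collect risky active subresources referenced by one HTTPS page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, absolute_url, [issues])

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(ACTIVE.get(tag, ""))
        if not ref:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        # urljoin resolves relative and scheme-relative (//host/x) references.
        url = urljoin(self.page_url, ref)
        parts = urlsplit(url)
        issues = []
        if parts.scheme == "http":
            issues.append("insecure-transport")
        if parts.hostname != self.page_host:  # exact host match, subdomains differ
            issues.append("third-party")
        if issues:
            self.findings.append((tag, url, issues))

def audit(page_url, html):
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample: a login page served over HTTPS that pulls one script
# over plain HTTP from another host. All host names are placeholders.
SAMPLE_URL = "https://login.example.com/account"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="http://cdn.thirdparty.example/track.js"></script>
<link rel="stylesheet" href="//login.example.com/site.css">
<img src="http://images.example.org/logo.png">
</head><body><form action="/login" method="post"></form></body></html>"""
```

Calling `audit(SAMPLE_URL, SAMPLE_HTML)` reports only the second script tag; the `<img>` loaded over HTTP is passive content and is deliberately left out of the active-content findings.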

I figured that out when I opened the page in my BlackBerry and it was OK (Opera Mini) and then double-checked it in IE8. IE8 didn't ask if I wanted to display all content or just encrypted. Even with the "My Account" page open, there ain't much to see. I can't, for example, display the full number of a registered payment instrument like a credit or debit card, or a bank account, unless I am entering a new one, and then I can only see the one I'm entering. Boost doesn't have a way to withdraw funds once they're in.

Your question was about being re-directed to another site. What does your last response have to do with that issue??

Modified by Helper7677

It was a response to mbdSeattle. He explained that the problem was not a virus on my computer, but an attack on the Boostmobile.com website that re-directed my browser. I had surmised that because it not only affected Firefox (all the versions I tried), but IE8 as well, if I allowed the browser to display non-encrypted content on the (secure) website in question. It also affected Opera Mini on my Unix-powered BlackBerry, as well as reportedly affecting Macs as well as PCs. I could work around the hijack by only displaying encrypted content on the site in IE8, by adding Fileinxt.com to my filter list in Adblock Plus for Firefox, but had no workaround for Opera Mini on the BB. So when I visited the site with my BB and it displayed correctly, I figured the Boostmobile website admins were aware of the attack (I queried them as to whether the page was infected, and would guess others did as well) and patched the hole. I further responded to mbdSeattle's comment on the security of the Boostmobile.com website. Should also add that I scanned with AVG 2011 and Malwarebytes, and neither program found anything amiss.

Modified by socalmonk