
Secure insecure mail from bigmir)net

I do not know whether this is a bug or a feature, but the mail service of bigmir)net suffers from at least one very significant drawback: it is very difficult to log out of it. After clicking the "Exit" button we really do leave the mail and land on the main portal page. The user believes he has left his mailbox, calmly gets up from the computer, settles up with the attendant and leaves the Internet café. At that moment he assumes that nobody else can get into his mail. If only he knew.

For testing, the mailbox testbigmirid@bigmir.net was registered with the password testbigmirid, and the following browsers were used: Firefox, Opera, Google Chrome and IE9.

It should be noted that some time ago bigmir moved its mail onto the Google Mail engine. But what I describe below is not Gmail's fault.

In Opera, Google Chrome and IE9, after clicking "Exit" we are (seemingly) logged out and redirected to the main portal. But at the same time, simply navigating to mail.bigmir.net triggers 3-4 redirects and opens the mailbox again, this time without asking for a password. After closing the browser this trick no longer works. That does not seem too bad.
But with Firefox everything is worse: even after closing and reopening the browser, you can still get into the mailbox without entering a password.

Two cookies are responsible for logging in from the portal:
[Image: the two cookies responsible for the portal login]

Firecookie reports their lifetime as "Session".
But in Firefox the notion of a "session" differs somewhat from all other browsers. Here is a short quote from bugzilla.mozilla.org:
"This happens because session-restore saves session cookies (hence the name). It's a bug"

Thus, once you have logged in to the mail via Mozilla Firefox, you stay logged in there forever.

It seems to me that this is the fault neither of Gmail (they set their own cookies) nor of Mozilla Firefox (session-restore really is a feature), but an oversight by the developers of the bigmir)net portal: clicking "Exit" should really end the mail session and should also remove all cookies responsible for authorization. I hope they read Habr and take measures to protect their users' mailboxes, but for now I would recommend not using this mail, just to be on the safe side. Who knows what other surprises are hidden there?
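To make the two halves of a proper logout concrete, here is an added example in Python (not code from the post or from bigmir)net) contrasting a logout that only redirects, as the post describes, with one that revokes the server-side session and expires the authorization cookies. The cookie names, the in-memory session store and the session-restore simulation are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical names standing in for the two portal login cookies from the screenshot.
AUTH_COOKIES = ("portal_sid", "portal_auth")


class SessionStore:
    """Minimal in-memory server-side session store (constructed for this example)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def revoke(self, sid):
        self._sessions.pop(sid, None)


def logout_weak(store, request_cookies):
    """Logout as observed on the portal: redirect only, nothing revoked, nothing cleared."""
    return {"Location": "/"}


def logout_fixed(store, request_cookies):
    """Logout done properly: kill the server-side session AND expire every auth cookie."""
    sid = request_cookies.get("portal_sid")
    if sid:
        store.revoke(sid)  # replayed cookies become useless even if the browser keeps them
    set_cookie_headers = []
    for name in AUTH_COOKIES:
        c = SimpleCookie()
        c[name] = ""
        c[name]["max-age"] = 0  # tell the browser to delete the cookie now
        c[name]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"  # for clients ignoring Max-Age
        c[name]["path"] = "/"
        set_cookie_headers.append(c.output(header="").strip())
    return {"Location": "/", "Set-Cookie": set_cookie_headers}


def restored_session_user(store, saved_cookies):
    """Simulate Firefox session-restore replaying the saved session cookies on next start."""
    return store.user_for(saved_cookies.get("portal_sid"))
```

Only the fixed variant leaves the restored browser with an invalid session and explicit `Max-Age=0` deletions for both cookies.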

Be careful, and always clean up your cookies after yourself.

PS When I registered the new mailbox, bigmir)net for some reason decided that I was born on November 30, 1999. I did not argue with it.

upd: it very much looks like the guys at bigmir)net do read Habr and have fixed the bug.
The only sad thing is that my letter to support went unanswered.

Source: https://habr.com/ru/post/134014/
