Community Forum

Comcast email says it is not secure

Highlighted
New Poster

Comcast email says it is not secure

At the top left of my email it has a triangle with an exlamation point in it and it says it is not secure.  When I click on this to view site information it says my connection to the site is not fully secure and that attackers might be able to see the images I'm looking at on this site and trick me by modifying them.  There is a hyperlink to "Learn More".  When I click on that link Google Chrome Help tells me if I have the triangle with exclamation point that is it "Not secure or Dangerous" 

We suggest you don't enter any private or personal information on this page. If possible, don't use the site.

Not secure: Proceed with caution. Something is severely wrong with the privacy of this site’s connection. Someone might be able to see the information you send or get through this site.

You might see a "Login not secure" or "Payment not secure" message.

Dangerous: Avoid this site. If you see a full-page red warning screen, the site has been flagged as unsafe by Safe Browsing. Using the site will likely put your private information at risk.

It suggests I don't enter any private or personal information on this page and if possible, don't use the site.

 

If I refresh it will say it is secure for a few seconds, then it reverts back to Not Secure.  I am using Chrome and I get this message on all three computers in the house and also on my Android phone when I access my email.  I am very uncomfortable with this message.  

Highlighted
Gold Problem Solver

Re: Comcast email says it is not secure

It's the way most current web browsers are designed. Whenever you use any provider's webmail to open an email that references a non-secure (loaded with "http" instead of "https") image, script, or other item, the browser warns you. In webmail, this probably happens most often if you have the setting for "Allow pre-loading of externally linked images" (gear icon / Settings / Security / Mail) checked. If you don't have that option checked, you're probably getting the browser warning when you open an email that has insecure content and you click the "Show images" button.


Sadly, many of the emails Comcast itself sends have insecure links and will trigger the browser's warning. Two examples are "http://log.dmtry.com/" and "http://xfinity.comcast.net/favicon.ico". To a browser both of these are "insecure" because they use "http" instead of "https".


A secure web page that loads insecure content is said to be using "mixed content", and may be subject to a "man-in-the-middle" attack. Comcast seems to think this is not a problem, but Internet security experts think otherwise. See https://www.google.com/search?q=mixed+content+pages+MITM.