Cox Communications Injecting JavaScript in Your Pages?

There have been several reports via Twitter, Dropbox, Flickr, and others reporting that Cox is injecting JavaScript to warn their users that there could be issues with their service. And from the looks of things, it seems pretty apparent that they are doing just that. A popup window on browsers, via websites that are being served up through other servers than there own, it definitely looks like Cox is hijacking message packets and adding in a little bit of their own code.

If you look at the two pictures here, you will clearly see that the websites are not from cox.com and that the messages seem to be injected into the bottom right of the screen, even taking away screen real-estate from other ads and content. Many would say that this is very intrusive. Much more intrusive than actually being helpful to the users.

I have yet to see the code, but if I were to gander, it may look a little something like this:

  1. $("body").append($("<div style=’background-color: white; border: 1px solid gray; padding: 5px; position: absolute; position: absolute; top: 0px; left: 0px;’><div style=’font-weight: bold;’>Cox Message:</div><div>This is a warning Message.</div></div>"));

Granted that this example that I whipped up in just a couple of seconds isn’t as “feature-rich” as the Cox message, but give it just a little bit more work and you can put just about anything, anywhere on a page if you have access to the packages that are being sent back and forth. All of these ISP’s have ways to read your information, scan, and send to you… this just puts it right in your face.

You may find this a bit more apparent in the workplace, where your IT department attempts to prevent any malicious websites and software through by the use of blocking key words and websites from even being surfed in the first place. Just so you know, it’s very easy to do. If anyone does have Cox and can get the source code for me, it would be nice to see. The other thing with Cox, is that they do not have to necessarily use JavaScript / jQuery appends. They could literally append directly the the response messages directly with HTML/CSS, so it may not all be JavaScript out there. Your [close] button would be though.

About Phillihp Harmon

I'm Phillihp. My name can be spelled the same way forwards and backwards, so can my posts... if you wish. I'm out here exploring, learning, and sharing what I find. This is more for fun and personal growth, I aim to be as consistent as possible, so check back daily!
This entry was posted in ***, Browsers, Companies, Hacking, Internet, JavaScript, News. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>