Cox adds SSL for Webmail

Back in February I repeated Rob Pegoraro’s announcement that SSL for Cox Webmail would be occurring in the first quarter of 2007.
In July, Cox enabled POP3 over SSL and indicated that SSL for Webmail was coming soon as well.
Cox has finally enabled SSL for Webmail, but it is only protecting the credentials at login.
There are several problems with this.
1) When you type in your login credentials, you are at a non-SSL site. You cannot verify the authenticity of the site to which you are providing credentials.
2) When you read your email it doesn’t go over a encrypted link.
3) It may be vulnerable to a cookie replay attack such as the one announced against Google Mail at Blackhat 2007