Bank Of America - sign on process - how is this secure?

From: Lloydi (nuggiepost.20.lloydi@spamgourmet.com)
Date: 11/25/02

• Next message: Barry Margolin: "Re: Bank Of America - sign on process - how is this secure?"
• Previous message: Henrick Hellström: "Re: Problems running VeriSign trial sertificate in Tomcat."
• Next in thread: Barry Margolin: "Re: Bank Of America - sign on process - how is this secure?"
• Reply: Barry Margolin: "Re: Bank Of America - sign on process - how is this secure?"
• Reply: Shaolin Tiger: "Re: Bank Of America - sign on process - how is this secure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Lloydi" <nuggiepost.20.lloydi@spamgourmet.com>
Date: Mon, 25 Nov 2002 16:02:04 -0000

On Bank of America's site they have a sign in box to their online banking on
the home page.

http://www.bankofamerica.com/index.cfm

I want to know, how is this secure? This would surely mean that the
informattion typed in to the Online ID and passcode fields are not encrypted
by 128 bit SSL when they are sent to the https page. Normally, you have to
click through to https hosted page and THEN sign on from there, safe in the
knowledge that the details are encrypted properly.

Is this secure?

Can you explain how they have managed to get around this?

I'm mystified. I've had a look at the source code of the page, and I can't
really see any client-side masking of the details (and even if I did see
that I'd question just how secure this is)

---

• Next message: Barry Margolin: "Re: Bank Of America - sign on process - how is this secure?"
• Previous message: Henrick Hellström: "Re: Problems running VeriSign trial sertificate in Tomcat."
• Next in thread: Barry Margolin: "Re: Bank Of America - sign on process - how is this secure?"
• Reply: Barry Margolin: "Re: Bank Of America - sign on process - how is this secure?"
• Reply: Shaolin Tiger: "Re: Bank Of America - sign on process - how is this secure?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Is SSL protection active without padlock in Explorer Task Bar? ... Unless the first page was secure, which it is not, I don't see how the ... In any event, if my bank did that, I would not use online banking, and would ... | back that other online banking sites such as Wachovia also use this same ... (microsoft.public.security) Re: Is SSL protection active without padlock in Explorer Task Bar? ... > password information would be secure. ... > In any event, if my bank did that, I would not use online banking, and would ... the user name and password through the SSL session. ... (microsoft.public.security) Bank Of America - sign on process - how is this secure? ... On Bank of America's site they have a sign in box to their online banking on ... I want to know, how is this secure? ... click through to https hosted page and THEN sign on from there, safe in the ... (microsoft.public.security) Re: Companies that dont send your check back ... pay bills with online banking. ... It's easier and more secure. ... Not to mention you can usually get images of the checks you have actually ... (misc.consumers) Re: Need to surf the net? Buy this laptop its 1/3 the price of an iPhone..... ... who think that OS X is secure and use the open Wifi to try and do banking ... (most of them can't do online banking on their Mac) ... "If you raise the ceiling four feet, move the fireplace from that wall ... (comp.sys.mac.advocacy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2002-11