Re: Bank Of America - sign on process - how is this secure?

From: Shaolin Tiger (r00t@ku.gro.tenkrad)
Date: 11/25/02 

From: "Shaolin Tiger" <r00t@ku.gro.tenkrad>
Date: Mon, 25 Nov 2002 20:20:43 -0000

Lloydi <nuggiepost.20.lloydi@spamgourmet.com> randomly produced:

> On Bank of America's site they have a sign in box to their online
> banking on the home page.
>
> http://www.bankofamerica.com/index.cfm
>
> I want to know, how is this secure? This would surely mean that the
> informattion typed in to the Online ID and passcode fields are not
> encrypted by 128 bit SSL when they are sent to the https page.
> Normally, you have to click through to https hosted page and THEN
> sign on from there, safe in the knowledge that the details are
> encrypted properly.
>
> Is this secure?
>
> Can you explain how they have managed to get around this?
>
> I'm mystified. I've had a look at the source code of the page, and I
> can't really see any client-side masking of the details (and even if
> I did see that I'd question just how secure this is)

It's not secure, simple as that, you are correct.

Shaolin 

--
.: http://www.security-forums.com :.
         Share your knowledge
          It's a way to achieve
                Immortality.

Relevant Pages

  • Bank of America - On Line Banking *NOT* Secure?
    ... I have used On Line Banking for years ...up until a week ago. ... Bank of America revised their web site. ... customers and other visitors, we have made signing in to Online Banking ... secure without making the entire page secure. ...
    (sci.crypt)
  • Re: Need help with Form, almost have answer
    ... only one way to register and pay online, ... Everything was secure. ... But only US residents could pay for the ... and the e-mail address I was using is of the form x@xxxxxxxxxxxx So I examined the Javascript and doctored it to get around this validation and submitted the form again. ...
    (comp.infosystems.www.authoring.html)
  • Re: How much RAM should I havw
    ... I decided to operate 64 bit due to it being more secure when online, ... especially as I do all of my banking and other personally sensitive ...
    (microsoft.public.windows.vista.hardware_devices)
  • Security for Desktop
    ... I would like to know just exactly what is needed to secure a computer ... the CUPS conf file, it is set to deny all except 127.0.0.1. ... In my case, my online usage is web browser, mail via KMail, News via Pan, ... what I'm seeing is that the danger is in open ports/services. ...
    (comp.os.linux.security)
  • Re: How 2 secure PC-PC data transfer
    ... IMO there's a good chance any online PC will be silently ... I have no idea what you mean by "not that secure". ... Security is a frame of mind, and it starts with firewalls, antivirus ... connecting a parallel port cable from PC to PC will work. ...
    (microsoft.public.vc.mfc)