Re: Bank Of America - sign on process - how is this secure?
From: Henrick Hellström (henrick.hellstrm@telia.com)
Date: 11/26/02
From: Henrick Hellström <henrick.hellstrm@telia.com> Date: Tue, 26 Nov 2002 00:11:00 GMT
those who know me have no need of my name wrote:
> [fu-t set -- this is off-topic in most of the groups named]
>
> in comp.security.misc i read:
>
>>Lloydi <nuggiepost.20.lloydi@spamgourmet.com> randomly produced:
>
>
>>>On Bank of America's site they have a sign in box to their online
>>>banking on the home page.
>>>
>>>http://www.bankofamerica.com/index.cfm
>>
>
>>>Is this secure?
>>
>
>>It's not secure, simple as that, you are correct.
>
>
> the form submission (aka, login) is totally secure. it's the lock / safety
> indicator that is incorrect or misleading, at least it is in all the
> browsers which i've seen, including mozilla and msie. most web sites cater
> to the idiocy (by serving the entire login page via ssl), some don't.

I don't think it is idiotic to transmit the entire login page via ssl.
Sure, the login form doesn't have to be kept *confidential* like the
login password has to, but there is some point in keeping the login page
*authenticated* so that the user doesn't have to look at the html source
to make sure where the password will be sent.

> bofa used to make you link through several pages to reach the login page,
> which you can still do if you like, start at
> <http://www.bankofamerica.com/state.cgi?section=signin>.
>