Re: Bank Of America - sign on process - how is this secure?
From: those who know me have no need of my name (not-a-real-address@usa.net)
Date: 11/26/02
- Next message: CIO: "Security Manual Template - 20"
- Previous message: those who know me have no need of my name: "Re: Bank Of America - sign on process - how is this secure?"
- In reply to: Curious Owl: "Re: Bank Of America - sign on process - how is this secure?"
- Next in thread: Sam Simpson: "Re: Bank Of America - sign on process - how is this secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: those who know me have no need of my name <not-a-real-address@usa.net> Date: 26 Nov 2002 05:59:47 GMT
[fu-t set -- still nothing here that is on-topic of pgp or o/s security]
in alt.security.pgp i read:
>However if you do not check the http source each time you attempt to
>login, then since the page requesting your login is sent to you
>unencrypted, it could possibly be modified.
that is true enough, and it is of some value. it would be better if it
weren't for the overall meaning that has come to be attached to the
padlock. like it or not the basic assumption that a lot of people operate
under is that if the padlock is locked they can turn their brains off, when
that is far from true. i.e., there remain other possibilities for which
the padlock, as it stands, cannot help at all, e.g., if the content could
be altered en-route (if not via https) don't you think you could be
transacting with the wrong host just as easily?
-- bringing you boring signatures for 17 years
- Next message: CIO: "Security Manual Template - 20"
- Previous message: those who know me have no need of my name: "Re: Bank Of America - sign on process - how is this secure?"
- In reply to: Curious Owl: "Re: Bank Of America - sign on process - how is this secure?"
- Next in thread: Sam Simpson: "Re: Bank Of America - sign on process - how is this secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
