Re: Bank Of America - sign on process - how is this secure?
From: Sam Simpson (sam@samsimpson.com)
Date: 11/26/02
- Next message: Sam Simpson: "Re: Bank Of America - sign on process - how is this secure?"
- Previous message: Jason: "Re: win98 outgoing connections"
- In reply to: Curious Owl: "Re: Bank Of America - sign on process - how is this secure?"
- Next in thread: srt@nospam.unt.edu: "Re: Bank Of America - sign on process - how is this secure?"
- Reply: srt@nospam.unt.edu: "Re: Bank Of America - sign on process - how is this secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Sam Simpson" <sam@samsimpson.com> Date: Tue, 26 Nov 2002 10:00:45 -0000
"Curious Owl" <Whoot@spam.nyet> wrote in message
news:3DE2F440.DC1C40AE@spam.nyet...
> All corrections and elaborations appreciated!
>
> I would think that this is only somewhat secure. Indeed if you are sure
> that the login is sent via https, then you are OK. However if you do not
> check the http source each time you attempt to login, then since the
> page requesting your login is sent to you unencrypted, it could possibly
> be modified.
If you assume that the web server can be hacked, then you could also assume
that (even with the form sitting on an SSL encrypted page) an adversary
could change the "action" to a different site...
- Next message: Sam Simpson: "Re: Bank Of America - sign on process - how is this secure?"
- Previous message: Jason: "Re: win98 outgoing connections"
- In reply to: Curious Owl: "Re: Bank Of America - sign on process - how is this secure?"
- Next in thread: srt@nospam.unt.edu: "Re: Bank Of America - sign on process - how is this secure?"
- Reply: srt@nospam.unt.edu: "Re: Bank Of America - sign on process - how is this secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
