Re: Bank Of America - sign on process - how is this secure?

From: Sam Simpson (sam@samsimpson.com)
Date: 11/26/02 

From: "Sam Simpson" <sam@samsimpson.com>
Date: Tue, 26 Nov 2002 10:00:59 -0000

Explain?

"Shaolin Tiger" <r00t@ku.gro.tenkrad> wrote in message
news:3de2862f$1_1@news1.vip.uk.com...
> Lloydi <nuggiepost.20.lloydi@spamgourmet.com> randomly produced:
>
> > On Bank of America's site they have a sign in box to their online
> > banking on the home page.
> >
> > http://www.bankofamerica.com/index.cfm
> >
> > I want to know, how is this secure? This would surely mean that the
> > informattion typed in to the Online ID and passcode fields are not
> > encrypted by 128 bit SSL when they are sent to the https page.
> > Normally, you have to click through to https hosted page and THEN
> > sign on from there, safe in the knowledge that the details are
> > encrypted properly.
> >
> > Is this secure?
> >
> > Can you explain how they have managed to get around this?
> >
> > I'm mystified. I've had a look at the source code of the page, and I
> > can't really see any client-side masking of the details (and even if
> > I did see that I'd question just how secure this is)
>
> It's not secure, simple as that, you are correct.
>
> Shaolin
>
> --
>
>
> .: http://www.security-forums.com :.
>
> Share your knowledge
> It's a way to achieve
> Immortality.
>
>
>
>
>

Relevant Pages

  • Bank of America - On Line Banking *NOT* Secure?
    ... I have used On Line Banking for years ...up until a week ago. ... Bank of America revised their web site. ... customers and other visitors, we have made signing in to Online Banking ... secure without making the entire page secure. ...
    (sci.crypt)
  • Security for Desktop
    ... I would like to know just exactly what is needed to secure a computer ... the CUPS conf file, it is set to deny all except 127.0.0.1. ... In my case, my online usage is web browser, mail via KMail, News via Pan, ... what I'm seeing is that the danger is in open ports/services. ...
    (comp.os.linux.security)
  • Re: Security for Desktop
    ... > I would like to know just exactly what is needed to secure a computer ... I now have only one port ... > the CUPS conf file, it is set to deny all except 127.0.0.1. ... > In my case, my online usage is web browser, mail via KMail, News via Pan, ...
    (comp.os.linux.security)
  • Re: Will I Need SP2?
    ... Dial-up is no more secure than high speed. ... that dial-up users are online for a limited time a day while high ... there are options to order SP-1 on CD as well as download on another ...
    (microsoft.public.windowsxp.general)
  • Re: Secure you PC or get kicked off the net?
    ... >> rather have the government come in and secure it for you? ... it may be *small* in comparison to the total number online. ... the ignorant fuck-wittted Americans that we hear horror ...
    (comp.security.firewalls)