Bank of America - On Line Banking *NOT* Secure?

From: Neil - Salem, MA USA (Neil_at_Salem.Massachusetts.USA)
Date: 06/25/05


Date: Sat, 25 Jun 2005 12:44:05 -0400

Could someone please check out Bank of America's web site at
http://www.bankofamerica.com and examine it for poor or non-existent
security?

I have used On Line Banking for years ...up until a week ago. That's when
Bank of America revised their web site. As their web site is now, any
customer who wishes to use On Line Banking enters his or her account number
and Passcode into form fields on a web page that is NOT secured with SSL!

They do post a comment that says, "You may notice when you are on our home
page that some familiar indicators do not appear in your browser to confirm
the entire page is secure. Those indicators include the small "lock" icon in
the bottom right corner of the browser frame and the "s" in the Web address
bar (for example, "https").

"To provide the fastest access to our home page for all of our millions of
customers and other visitors, we have made signing in to Online Banking
secure without making the entire page secure. Again, please be assured that
your ID and passcode are secure and that only Bank of America has access to
them."

In other words, they are saying, "Trust us." They are also encouraging
people to ignore the advice of security experts who all say, "Do NOT
enter sensitive data into a web form if the web page does not indicate that
it has been secured with SSL! With Internet Explorer, the simplest way to
confirm that the page is secure is to look for the icon of the padlock in
the bottom right portion of the browser."

It is completely irresponsible on the part of Bank of America to suggest to
their customers that they (the customers) use a poor security practice
(putting sensitive data into a form on an unsecured web page) - justifying
such a suggestion with the words, "please be assured."

I fear that millions of customers may be publicly exposing their account
information on the Internet. If that is the case, this is a scandal.

Thank you,

Neil
Salem, MA USA


