[Tfug] [TFUG] Bank of America e-mail
Brian Murphy
murphy at coppershadow.com
Wed Nov 21 19:36:43 MST 2007
Jude Nelson wrote:
> Hey guys,
>
> I recently submitted a complaint to Bank of America regarding the fact
> that their front page (read: the page where you enter your Bank ID to
> access your account) has insecure elements on the page. Here's the
> excerpt from their response:
>
> - While the Online ID and Passcode are presented in web form fields
> over an unencrypted channel, when you type the Online ID only you can
> see the information you type and the Passcode is displayed as asterisks.
>
> Yeah. Right.
So? "Insecure" [sic] elements on the form page doesn't mean anything.
It submits to a secure page:
<form name="frmSignIn"
action="https://sitekey.bankofamerica.com/sas/signon.do" method="post"
Therefore the data is encrypted in transfer.
Brian
More information about the tfug
mailing list