[Tfug] [TFUG] Bank of America e-mail

johngalt1 johngalt1 at uswest.net
Wed Nov 21 23:18:30 MST 2007


----- Original Message ----- 
From: "Brian Murphy" <>
To: "Tucson Free Unix Group" <>
Sent: Wednesday, November 21, 2007 7:36 PM
Subject: Re: [Tfug] [TFUG] Bank of America e-mail


> Jude Nelson wrote:
>> Hey guys,
>>
>> I recently submitted a complaint to Bank of America regarding the fact
>> that their front page (read: the page where you enter your Bank ID to
>> access your account) has insecure elements on the page. Here's the
>> excerpt from their response:
>>
>>  - While the Online ID and Passcode are presented in web form fields
>> over an unencrypted channel, when you type the Online ID only you can
>> see the information you type and the Passcode is displayed as asterisks.
>>
>> Yeah. Right.
>
>
> So?  "Insecure" [sic] elements on the form page doesn't mean anything.
>
> It submits to a secure page:
> <form name="frmSignIn"
> action="https://sitekey.bankofamerica.com/sas/signon.do" 
> method="post"
>
> Therefore the data is encrypted in transfer.
>
> Brian

Are you trying to use facts or analysis to mess up my 
fantasy about BoA screwing up?

Arrgh

I s'pose to prove it, the OP or another BoA user could use 
Ethereal or Wireshark to check if those login credentials 
are being passed in clear text over the wire.









