[Tfug] [TFUG] Bank of America e-mail

keith smith klsmith2020 at yahoo.com
Thu Nov 22 11:40:42 MST 2007


I think his point was they seem to care less and did not even provide a link to a 
secure login page.

Brian Murphy <murphy at coppershadow.com> wrote: Jude Nelson wrote:
> Hey guys,
> 
> I recently submitted a complaint to Bank of America regarding the fact
> that their front page (read: the page where you enter your Bank ID to
> access your account) has insecure elements on the page.  Here's the
> excerpt from their response:
> 
>  - While the Online ID and Passcode are presented in web form fields
> over an unencrypted channel, when you type the Online ID only you can
> see the information you type and the Passcode is displayed as asterisks.
> 
> Yeah. Right.


So?  "Insecure" [sic] elements on the form page doesn't mean anything.

It submits to a secure page:

action="https://sitekey.bankofamerica.com/sas/signon.do" method="post"

Therefore the data is encrypted in transfer.

Brian


_______________________________________________
Tucson Free Unix Group - tfug at tfug.org
Subscription Options:
http://www.tfug.org/mailman/listinfo/tfug_tfug.org




------------------------
Keith Smith
(480) 584-4772
PHP Programming


       
---------------------------------
Get easy, one-click access to your favorites.  Make Yahoo! your homepage.


More information about the tfug mailing list