[Tfug] [TFUG] Bank of America e-mail
johngalt1
johngalt1 at uswest.net
Thu Nov 22 14:59:22 MST 2007
----- Original Message -----
From: "keith smith" <klsmith2020 at yahoo.com>
To: "Tucson Free Unix Group" <tfug at tfug.org>
Sent: Thursday, November 22, 2007 11:40 AM
Subject: Re: [Tfug] [TFUG] Bank of America e-mail
>
> I think his point was they seem to care less
I don't follow you there... What part of their response
indicated they didn't care?
> and did not even provide a link to a
> secure login page.
>
> Brian Murphy <murphy> wrote: Jude Nelson wrote:
>> Hey guys,
>>
>> I recently submitted a complaint to Bank of America
>> regarding the fact
>> that their front page (read: the page where you enter
>> your Bank ID to
>> access your account) has insecure elements on the page.
>> Here's the
>> excerpt from their response:
>>
>> - While the Online ID and Passcode are presented in web
>> form fields
>> over an unencrypted channel, when you type the Online ID
>> only you can
>> see the information you type and the Passcode is
>> displayed as asterisks.
>>
>> Yeah. Right.
>
>
> So? "Insecure" [sic] elements on the form page doesn't
> mean anything.
>
> It submits to a secure page:
>
> action="https://sitekey.bankofamerica.com/sas/signon.do"
> method="post"
>
> Therefore the data is encrypted in transfer.
>
> Brian
BoA's home page is now SSL encrypted. Does that address the
problem?
Way to go, Jude.
More information about the tfug
mailing list