[Tfug] [TFUG] Bank of America e-mail

Jude Nelson judecn at gmail.com
Thu Nov 22 16:23:55 MST 2007


Heh--it's been fixed, it seems.  Wow, that was quick.
Normally I wouldn't be concerned because their login process takes
users through multiple SSL-secured checkpoints to verify the validity
of the client, but one thing that still troubles me to this day is
that my bank ID is the same as my social security number...and that's
the ID I needed to type in on the front page to progress to the next
checkpoint >.<

Happy Thanksgiving,
Jude

On 11/22/07, johngalt1 <johngalt1 at uswest.net> wrote:
> ----- Original Message -----
> From: "keith smith" <klsmith2020 at yahoo.com>
> To: "Tucson Free Unix Group" <tfug at tfug.org>
> Sent: Thursday, November 22, 2007 11:40 AM
> Subject: Re: [Tfug] [TFUG] Bank of America e-mail
>
>
> >
> > I think his point was they seem to care less
>
> I don't follow you there... What part of their response
> indicated they didn't care?
>
> > and did not even provide a link to a
> > secure login page.
> >
> > Brian Murphy <murphy> wrote:
> > Jude Nelson wrote:
> >> Hey guys,
> >>
> >> I recently submitted a complaint to Bank of America regarding the fact
> >> that their front page (read: the page where you enter your Bank ID to
> >> access your account) has insecure elements on the page. Here's the
> >> excerpt from their response:
> >>
> >>  - While the Online ID and Passcode are presented in web form fields
> >> over an unencrypted channel, when you type the Online ID only you can
> >> see the information you type and the Passcode is displayed as asterisks.
> >>
> >> Yeah. Right.
> >
> >
> > So?  "Insecure" [sic] elements on the form page don't mean anything.
> >
> > It submits to a secure page:
> >
> > action="https://sitekey.bankofamerica.com/sas/signon.do"
> > method="post"
> >
> > Therefore the data is encrypted in transfer.
> >
> > Brian
>
>
> BoA's home page is now SSL encrypted. Does that address the
> problem?
>
> Way to go, Jude.
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
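
An added example, not part of any message in this thread: a small Python check for the situation discussed above, a login form served over plain HTTP that posts to an HTTPS action. The HTTPS action encrypts the submission, but a page delivered over HTTP carries no integrity protection, so the check reports the two properties separately. The page URL `http://bank.example/` and the field names are constructed; only the action URL comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _FormCollector(HTMLParser):
    """Collects each <form> and whether it contains a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_login_forms(page_url, html):
    """Return [(resolved_action_url, [issues])] for every credential form."""
    parser = _FormCollector()
    parser.feed(html)
    parser.close()
    page_secure = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not form["has_password"]:
            continue
        target = urljoin(page_url, form["action"])  # empty action -> page itself
        issues = []
        if urlparse(target).scheme != "https":
            issues.append("credentials-submitted-in-cleartext")
        if not page_secure:
            # The form markup, including its action, arrived unauthenticated.
            issues.append("form-delivered-without-integrity")
        if form["method"] != "post":
            issues.append("credentials-in-url")
        findings.append((target, issues))
    return findings

# Constructed sample: field names are invented; the action URL is from the thread.
SAMPLE = ('<form action="https://sitekey.bankofamerica.com/sas/signon.do" method="post">'
          '<input type="text" name="id"><input type="password" name="pc"></form>')
```

Run against the same markup, `audit_login_forms("http://bank.example/", SAMPLE)` reports `form-delivered-without-integrity`, while the `https://` page URL reports no issues.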



