[Tfug] [TFUG] Bank of America e-mail
Jude Nelson
judecn at gmail.com
Thu Nov 22 16:24:32 MST 2007
...and I didn't pick my Bank ID...it was assigned to me
On 11/22/07, Jude Nelson <judecn at gmail.com> wrote:
> Heh--it's been fixed, it seems. Wow, that was quick.
> Normally I wouldn't be concerned because their login process takes
> users through multiple SSL-secured checkpoints to verify the validity
> of the client, but one thing that still troubles me to this day is
> that my bank ID is the same as my social security number...and that's
> the ID I needed to type in on the front page to progress to the next
> checkpoint >.<
>
> Happy Thanksgiving,
> Jude
>
> On 11/22/07, johngalt1 <johngalt1 at uswest.net> wrote:
> > ----- Original Message -----
> > From: "keith smith" <klsmith2020 at yahoo.com>
> > To: "Tucson Free Unix Group" <tfug at tfug.org>
> > Sent: Thursday, November 22, 2007 11:40 AM
> > Subject: Re: [Tfug] [TFUG] Bank of America e-mail
> >
> >
> > >
> > > I think his point was they seem to care less
> >
> > I don't follow you there... What part of their response
> > indicated they didn't care?
> >
> > > and did not even provide a link to a
> > > secure login page.
> > >
> > > Brian Murphy <murphy> wrote: Jude Nelson wrote:
> > >> Hey guys,
> > >>
> > >> I recently submitted a complaint to Bank of America
> > >> regarding the fact
> > >> that their front page (read: the page where you enter
> > >> your Bank ID to
> > >> access your account) has insecure elements on the page.
> > >> Here's the
> > >> excerpt from their response:
> > >>
> > >> - While the Online ID and Passcode are presented in web
> > >> form fields
> > >> over an unencrypted channel, when you type the Online ID
> > >> only you can
> > >> see the information you type and the Passcode is
> > >> displayed as asterisks.
> > >>
> > >> Yeah. Right.
> > >
> > >
> > > So? "Insecure" [sic] elements on the form page doesn't
> > > mean anything.
> > >
> > > It submits to a secure page:
> > >
> > > action="https://sitekey.bankofamerica.com/sas/signon.do"
> > > method="post"
> > >
> > > Therefore the data is encrypted in transfer.
> > >
> > > Brian
> >
> >
> > BoA's home page is now SSL encrypted. Does that address the
> > problem?
> >
> > Way to go, Jude.
> >
> >
> > _______________________________________________
> > Tucson Free Unix Group - tfug at tfug.org
> > Subscription Options:
> > http://www.tfug.org/mailman/listinfo/tfug_tfug.org
> >
>
More information about the tfug
mailing list