[Tfug] [TFUG] Bank of America e-mail
keith smith
klsmith2020 at yahoo.com
Fri Nov 23 09:04:39 MST 2007
Because it is a canned response that does not answer why they have a less than secure login.
Saying "...Passcode is displayed as asterisks.". The problem is not what one can see, for the most part, it is the connection with the server.
If the connection is not encrypted the username and password are sent in the clear.
johngalt1 <johngalt1 at uswest.net> wrote: ----- Original Message -----
From: "keith smith"
To: "Tucson Free Unix Group"
Sent: Thursday, November 22, 2007 11:40 AM
Subject: Re: [Tfug] [TFUG] Bank of America e-mail
>
> I think his point was they seem to care less
I don't follow you there... What part of their response
indicated they didn't care?
> and did not even provide a link to a
> secure login page.
>
> Brian Murphy wrote: Jude Nelson wrote:
>> Hey guys,
>>
>> I recently submitted a complaint to Bank of America
>> regarding the fact
>> that their front page (read: the page where you enter
>> your Bank ID to
>> access your account) has insecure elements on the page.
>> Here's the
>> excerpt from their response:
>>
>> - While the Online ID and Passcode are presented in web
>> form fields
>> over an unencrypted channel, when you type the Online ID
>> only you can
>> see the information you type and the Passcode is
>> displayed as asterisks.
>>
>> Yeah. Right.
>
>
> So? "Insecure" [sic] elements on the form page doesn't
> mean anything.
>
> It submits to a secure page:
>
> action="https://sitekey.bankofamerica.com/sas/signon.do"
> method="post"
>
> Therefore the data is encrypted in transfer.
>
> Brian
BoA's home page is now SSL encrypted. Does that address the
problem?
Way to go, Jude.
_______________________________________________
Tucson Free Unix Group - tfug at tfug.org
Subscription Options:
http://www.tfug.org/mailman/listinfo/tfug_tfug.org
------------------------
Keith Smith
(480) 584-4772
PHP Programming
---------------------------------
Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how.
More information about the tfug
mailing list