[Tfug] [TFUG] Bank of America e-mail

keith smith klsmith2020 at yahoo.com
Fri Nov 23 09:17:33 MST 2007


I do not know if it is still illegal to identify someone by their SS#.  While in the military over 30 years ago we were given the option of not using our SS# as an id.  The law at that time stated a SS# was to identify you with the Social Security department only.

I personally would refuse to do business with anyone wanting to use my SS# as my ID number.



Jude Nelson <judecn at gmail.com> wrote: Heh--it's been fixed, it seems.  Wow, that was quick.
Normally I wouldn't be concerned because their login process takes
users through multiple SSL-secured checkpoints to verify the validity
of the client, but one thing that still troubles me to this day is
that my bank ID is the same as my social security number...and that's
the ID I needed to type in on the front page to progress to the next
checkpoint >.<

Happy Thanksgiving,
Jude

On 11/22/07, johngalt1  wrote:
> ----- Original Message -----
> From: "keith smith" 
> To: "Tucson Free Unix Group" 
> Sent: Thursday, November 22, 2007 11:40 AM
> Subject: Re: [Tfug] [TFUG] Bank of America e-mail
>
>
> >
> > I think his point was they seem to care less
>
> I don't follow you there... What part of their response
> indicated they didn't care?
>
> > and did not even provide a link to a
> > secure login page.
> >
> > Brian Murphy  wrote: Jude Nelson wrote:
> >> Hey guys,
> >>
> >> I recently submitted a complaint to Bank of America
> >> regarding the fact
> >> that their front page (read: the page where you enter
> >> your Bank ID to
> >> access your account) has insecure elements on the page.
> >> Here's the
> >> excerpt from their response:
> >>
> >>  - While the Online ID and Passcode are presented in web
> >> form fields
> >> over an unencrypted channel, when you type the Online ID
> >> only you can
> >> see the information you type and the Passcode is
> >> displayed as asterisks.
> >>
> >> Yeah. Right.
> >
> >
> > So?  "Insecure" [sic] elements on the form page doesn't
> > mean anything.
> >
> > It submits to a secure page:
> >
> > action="https://sitekey.bankofamerica.com/sas/signon.do"
> > method="post"
> >
> > Therefore the data is encrypted in transfer.
> >
> > Brian
>
>
> BoA's home page is now SSL encrypted. Does that address the
> problem?
>
> Way to go, Jude.
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>

_______________________________________________
Tucson Free Unix Group - tfug at tfug.org
Subscription Options:
http://www.tfug.org/mailman/listinfo/tfug_tfug.org




------------------------
Keith Smith
(480) 584-4772
PHP Programming


       
---------------------------------
Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how.


More information about the tfug mailing list