[Tfug] [TFUG] Bank of America e-mail
Bowie J. Poag
bpoag at comcast.net
Sun Nov 25 06:37:33 MST 2007
Jude,
0) Send them a polite apology. You're wrong.
1) The information you're entering is going into form, client-side. You
aren't transmitting keystrokes. Their form is secure, which means
anything you enter client-side is going to be transmitted to their
server over a secure connection when the client (your browser) POSTs the
data. Even things you enter into the Search box are encrypted -- Look at
the page source.
2) Banks' websites are subject to the same federal regulatory rules that
other financial institutions are. Look up FFIEC on the web if you're
bored, or need to sleep. They're the regulatory body that governs how
banks handle online security. A bank as large as BofA being out of
compliance would be unthinkable.
Cheers,
Bowie
Jude Nelson wrote:
> Hey guys,
>
> I recently submitted a complaint to Bank of America regarding the fact
> that their front page (read: the page where you enter your Bank ID to
> access your account) has insecure elements on the page. Here's the
> excerpt from their response:
>
> - While the Online ID and Passcode are presented in web form fields
> over an unencrypted channel, when you type the Online ID only you can
> see the information you type and the Passcode is displayed as asterisks.
>
> Yeah. Right.
>
> Jude
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
More information about the tfug
mailing list