[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87k6yw5oza.fsf@snark.piermont.com>
From: perry at piermont.com (Perry E. Metzger)
Subject: http://www.chase.com/ vulnerability
<gauntlet@....hush.com> writes:
> Many financial institutions do the same thing.
>
> www.americanexpress.com:
>
> Security is important to everyone!
>
> Please be assured that, although the home page itself does not have an
> "https" URL, the login component of this page is secure. When you enter your
> User ID and password, your information is transmitted via a secure
> environment,
Except you have no way to know that without reading the html, since
someone could have intercepted and altered the form. Given how many
people can or will read the html, the assurances are completely false
and essentially constitute a way of training their customers to have
their accounts taken over in the future.
--
Perry E. Metzger perry@...rmont.com
Powered by blists - more mailing lists