Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Chase Bank responds to Website Security Design Flaws
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
(topic move) Contacting Comcast Security »
« Spyware terminator  

therube

join:2004-11-11
Randallstown, MD

1 edit

Re: Chase Bank responds to Website Security Design Flaws

Well looky here, an insecure page that purports to have a secure login. A little gold lock & all:

http://www.dslreports.com/login/L3ByaXZhY3k=?secure=1

So I'm confused - kind of.

Chase was allowing unsecured logins, or they were allowing secured logins from a page which itself was unsecured? And by virtue of that leaves them more vulnerable to various types of attacks that may have resulted in giving up your username/password.

There is a difference. And the wording used to describe it can skew ones judgments on the matter.

Anyhow, in other forums, I have been known to use this tagline:

BANK OF AMERICA.COM ONLINE BANKING SUCKS IN THE HUGEST WAY IMAGINABLE

And it is so. They took what was once a very useful, meaningful web site & turned it into a morass of what might come out of a horses posterior. I have to assume they do this to totally piss of their customers - at least this one (or perhaps in the name of "security").

When this DNS issue came up, I was glad that BoA had that "sitekey" authentication tool, as I believe that by virtue of seeing your key, it lessened fears that you were ending up at a spoofed page.

EDIT:

Revised dslreports link, http://www.dslreports.com/login?secure=1
permalink · 2008-08-19 23:51:18 · Print · Reply to this

nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL

Re: Chase Bank responds to Website Security Design Flaws

Chase was allowing a secured login from an insecure page. The dslreports link you gave does the same, but at least it isn't a bank.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1
permalink · 2008-08-20 00:07:36 · Reply to this

SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
said by therube See Profile :

Chase was allowing unsecured logins, or they were allowing secured logins from a page which itself was unsecured? And by virtue of that leaves them more vulnerable to various types of attacks that may have resulted in giving up your username/password.
The login data was transmitted via SSL regardless of whether the page it was entered into was encrypted or not.
A short sighted view would be that when entering your data in a legit Chase login page, it doesn't matter that the page isn't SSL, because the data won't be transmitted until it's encrypted & that's true.
The problem with this is one of education & appearances of a website asking for sensitive data.
It should be a common practice that if a page isn't encrypted, don't trust it with your stuff.
Maybe now that Chase is coming onboard more will follow.
permalink · 2008-08-20 00:09:03 · Print · Reply to this

sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable
said by therube See Profile :

Anyhow, in other forums, I have been known to use this tagline:

BANK OF AMERICA.COM ONLINE BANKING SUCKS IN THE HUGEST WAY IMAGINABLE

And it is so. They took what was once a very useful, meaningful web site & turned it into a morass of what might come out of a horses posterior. I have to assume they do this to totally piss of their customers - at least this one (or perhaps in the name of "security").
How so? The basic layout and information provided on bofa online has not changed in years. They've added a few bells and whistles, true, but it's still the same number of clicks, the same layout, the same information to pay your bills or look over your accounts as it's been for years.

Heck, they even encrypted their main page finally.

Personally I find it much better than WaMu's online banking. Though admittedly, WaMu's is cleaner.
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause...
permalink · 2008-08-20 17:38:41 · Print · Reply to this
Forums » Up and Running » Security » Security(topic move) Contacting Comcast Security »
« Spyware terminator  

Monday, 30-Nov 22:19:37 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [50] Baltimore To Ban Lazy Cable Installs
· [41] Broadband Killed The Game Console
· [30] Rural Carriers Quickly Embracing Fiber
· [28] AT&T Top Lobbyist Cicconi Has His Feelings Hurt
· [23] Charter Exits Chapter 11
· [19] Midcontinent Socked With Easement Lawsuit
· [3] Monday Morning Links
· [2] Monday Evening Links
Most people now reading
· [Rant] called out sick! [Rants, Raves, and Praise]
· Issues tonight in North TX? [AT&T Southwest]
· Is Microsoft Technet ok to use for my family PC's? [Microsoft Help]
· Heating - my dad gave me this advice... [Home Repair & Improvement]
· Windows 7 boot manager editing questions [Microsoft Help]
· filling an in-ground pool [Home Repair & Improvement]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]
· [Internet] Gaming problem for "Heroes of Newerth" ( New bell Upd [Bell Canada]
· Are GPS's better today? [General Questions]
· Considering Leaving Vonage, who should I Consider? [VOIP Tech Chat]