Banks Abandoning SSL On Home Page Log-Ins

Feets
Premium
join:2002-12-11
Hamilton, ON
·Cogeco Cable

reply to B
Re: Banks Abandoning SSL On Home Page Log-Ins

said by B:

This confuses everybody who's waiting to see a padlock icon.
Despite offering some peace of mind, the padlock icon is also the quickest way to verify the you are logging into actually came from the bank's server.


nil
Java Geek
join:2000-11-27

1 edit
How is that.. bad guys can't use SSL?


mers2
Premium,MVM
join:2004-03-20
USA
·AT&T U-Verse

said by nil:

How is that.. bad guys can't use SSL?
Which is why, especially with my financial institution, I want to know before I log on that SSL logon is working.
--
God put me on this Earth to accomplish a certain number of things. Right now, I am so far behind I will never die.


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
1 edit
reply to Feets
Actually folks, there is another major issue here. How exactly are they supposed to verify the authenticity of a certificate? Are they supposed to do it after entering their credentials and sending them somewhere?

At that point it's more an informational thing. "Oh goody, let me just check and see real quick where I actually just sent my password." Russia? Oh, that's not good.

The browser should balk at bad certs, but the point is that this is not the sort of thing you want to verify after clicking submit.
--
dmiessler.com - grep understanding knowledge


nil
Java Geek
join:2000-11-27

That's a fair point

I still say the real issue is the kind of information that is sent.. not how it's sent. All the security & keylogger issues could be made a lot less relevant with some brainstorming..
--
Life is too short to be boring

B
Premium,MVM
join:2000-10-28

I hope you're right, nil, but I can't help thinking that this has been considered for years in the business world and the best we seem to have come up with is smart card tokens with synchronized time-based hashes. They're annoying. Fingerprint scanners have been shown in most cases to have laughable security. I don't know that there's an answer. (Though MS seems to feel differently.) I'm not ready to give up on userids and passwords.

I talked about a too-common little cert issue at »Eddie Bauer. A major retailer went almost THREE WEEKS with an expired cert. Nobody cared. They still sold out of the Classic Fit Jeans.

-- B
--
In a realm outside causality and function
over 10 years online! © 1999-2009 dslreports.com.