As part of a thread on another list, I noticed that Bank of America, who until
recently didn't bother protecting the page where users are expected to enter
their credentials with anything more substantial than a GIF of a padlock, now
finally use HTTPS on their home page, and redirect HTTP to HTTPS
On Friday 13 August 2010 04:59, Peter Gutmann wrote:
As part of a thread on another list, I noticed that Bank of America, who
until recently didn't bother protecting the page where users are expected
to enter their credentials with anything more substantial than a GIF of a
padlock, now finally
What on earth happened? Was there a change in banking regulations in
the last few months?
No, but we know that banks move in herds, and they mostly talk to each
other, not anyone with outside expertise.
More likely someone noticed that computers are a lot faster than they
were a decade ago, you
What on earth happened? Was there a change in banking regulations in the last
few months?
Possibly it's related to PCI DSS and other work that BITS has been doing. Also,
if one major player cleans up their act and sings about how cool they are, then
that can cause the ice to break.
Another
Jeff Simmons wrote:
It wouldn't surprise me if there's been some blowback from the adoption of
PCI-DSS (Payment Card Industry Data Security Standards). As someone who
has
had to help several small to medium size businesses comply with these
'voluntary' standards, the irony of the fact that
On 08/13/2010 02:12 PM, Jon Callas wrote:
What on earth happened? Was there a change in banking regulations in the last
few months?
Possibly it's related to PCI DSS and other work that BITS has been doing. Also,
if one major player cleans up their act and sings about how cool they are, then