As part of a thread on another list, I noticed that Bank of America, who until recently didn't bother protecting the page where users are expected to enter their credentials with anything more substantial than a GIF of a padlock, now finally use HTTPS on their home page, and redirect HTTP to HTTPS (this only took them, what, about ten years to get right? Or is it fifteen? When did BofA first get a web presence?). Wachovia now do it too. And Citibank at least redirect you to an HTTPS page. And so does US Bank, after asking for your ID.
What on earth happened? Was there a change in banking regulations in the last few months? Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com