On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann
<pgut...@cs.auckland.ac.nz> wrote:
> As part of a thread on another list, I noticed that Bank of
> America, who until recently didn't bother protecting the page where
> users are expected to enter their credentials with anything more
> substantial than a GIF of a padlock, now finally use HTTPS on their
> home page, and redirect HTTP to HTTPS (this only took them, what,
> about ten years to get right?  Or is it fifteen?  When did BofA
> first get a web presence?).  Wachovia now do it too.  And Citibank
> at least redirect you to an HTTPS page.  And so does US Bank, after
> asking for your ID.
> What on earth happened?  Was there a change in banking regulations
> in the last few months?

I don't know, but Chase, which years ago sent me a letter explaining
exactly how crazy I was for complaining that their front page was
sent in the clear, has also begun redirecting people to https. I'm
unaware of a regulatory shift on this, but perhaps people have
finally learned that doing otherwise is a bad idea.

Perry E. Metzger                pe...@piermont.com

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to