On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > As part of a thread on another list, I noticed that Bank of > America, who until recently didn't bother protecting the page where > users are expected to enter their credentials with anything more > substantial than a GIF of a padlock, now finally use HTTPS on their > home page, and redirect HTTP to HTTPS (this only took them, what, > about ten years to get right? Or is it fifteen? When did BofA > first get a web presence?). Wachovia now do it too. And Citibank > at least redirect you to an HTTPS page. And so does US Bank, after > asking for your ID. > > What on earth happened? Was there a change in banking regulations > in the last few months?
I don't know, but Chase, which years ago sent me a letter explaining exactly how crazy I was for complaining that their front page was sent in the clear, has also begun redirecting people to https. I'm unaware of a regulatory shift on this, but perhaps people have finally learned that doing otherwise is a bad idea. Perry -- Perry E. Metzger pe...@piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com