On Friday 13 August 2010 04:59, Peter Gutmann wrote: > As part of a thread on another list, I noticed that Bank of America, who > until recently didn't bother protecting the page where users are expected > to enter their credentials with anything more substantial than a GIF of a > padlock, now finally use HTTPS on their home page, and redirect HTTP to > HTTPS (this only took them, what, about ten years to get right? Or is it > fifteen? When did BofA first get a web presence?). Wachovia now do it > too. And Citibank at least redirect you to an HTTPS page. And so does US > Bank, after asking for your ID. > > What on earth happened? Was there a change in banking regulations in the > last few months? > > Peter.
It wouldn't surprise me if there's been some blowback from the adoption of PCI-DSS (Payment Card Industry Data Security Standards). As someone who has had to help several small to medium size businesses comply with these 'voluntary' standards, the irony of the fact that the big banks that require them often aren't in compliance themselves hasn't escaped my notice. -- Jeff Simmons jsimm...@goblin.punk.net Simmons Consulting - Network Engineering, Administration, Security "You guys, I don't hear any noise. Are you sure you're doing it right?" -- My Life With The Thrill Kill Kult --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com