* Perry E. Metzger:
If you go over to, say, www.fidelity.com, you will find that you can't
even get to the http: version of the page any more -- you are always
redirected to the https: version.
Of course, this only helps if users visit the site using bookmarks
that were created after the
--
Perry E. Metzger wrote:
It used to be that Verizon (my local phone company,
sadly) had this general problem but you could click on
log in and it would direct you to a secure page with
a little error message and you could then enter your
username and password. They've since fixed that
For years, I've complained about banks, such as Chase, which let
people type in the password to their bank account into a page that has
been downloaded via http: instead of https:.
The banks always say oh, that's no problem, because the password is
posted via https:, and I say but that's only if
Quoting Perry E. Metzger [EMAIL PROTECTED]:
Now you might wonder, why do I keep picking on Chase?
A certain other security person and I had an extended argument with
the folks at another company I won't name other than to say that it was
American Express. At the time, they more or less said,
On Tue, January 23, 2007 09:24, Perry E. Metzger wrote:
(Incidently, the article gets a few things wrong. It somewhat implies
that you are safe if you pick a WiFi network you have a previous
relationship with, which isn't true.)
It also is only warning against ad-hoc connections with
Derek Atkins [EMAIL PROTECTED] writes:
I'll just point out that you CAN go to:
https://chaseonline.chase.com/
And that works, and should be secure.
And for the six people that know to do that, it works great. :)
It used to be that Verizon (my local phone company, sadly) had this
general
Hi,
Perry E. Metzger wrote:
For years, I've complained about banks, such as Chase, which let
people type in the password to their bank account into a page that has
been downloaded via http: instead of https:.
The banks always say oh, that's no problem, because the password is
posted via