Hi, Perry E. Metzger wrote: > For years, I've complained about banks, such as Chase, which let > people type in the password to their bank account into a page that has > been downloaded via http: instead of https:. > > The banks always say "oh, that's no problem, because the password is > posted via https:", and I say "but that's only if the page comes from > *you*, and it might come from a bad guy."
A German bank had the same problem. After some discussions without positive results I wrote an article about SSL problems for a large German IT magazine and described their situation. A short time after they changed the login page to https. Matthias -- Matthias Bruestle, Managing Director Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97 MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]