On Friday 13 August 2010 04:59, Peter Gutmann wrote:
> As part of a thread on another list, I noticed that Bank of America, who
> until recently didn't bother protecting the page where users are expected
> to enter their credentials with anything more substantial than a GIF of a
> padlock, now finally use HTTPS on their home page, and redirect HTTP to
> HTTPS (this only took them, what, about ten years to get right?  Or is it
> fifteen?  When did BofA first get a web presence?).  Wachovia now do it
> too.  And Citibank at least redirect you to an HTTPS page.  And so does US
> Bank, after asking for your ID.
>
> What on earth happened?  Was there a change in banking regulations in the
> last few months?
>
> Peter.

It wouldn't surprise me if there's been some blowback from the adoption of 
PCI-DSS (Payment Card Industry Data Security Standards). As someone who has 
had to help several small to medium size businesses comply with these 
'voluntary' standards, the irony of the fact that the big banks that require 
them often aren't in compliance themselves hasn't escaped my notice.

-- 
Jeff Simmons                                   jsimm...@goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise.  Are you sure you're doing it right?"
        --  My Life With The Thrill Kill Kult

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to