Topher Fischer <[EMAIL PROTECTED]> writes:
> Since I've started working on this, I haven't used a login form that
> wasn't given to me over SSL. Luckily, everything I use has some sort of
> secure login form somewhere on their site. I've tried to find one for
> Zion's bank, and haven't been able to. Fortunately, I don't bank with them.
Zion's Bank uses one of those new-fangled multi-step logins. You
enter your user id on the front page, and then you are shown a picture
and asked a question (over a ssl connection) or, if you've previously
done this step and got a cookie, you're shown a picture and asked to
enter your password. Since only the user id is entered into the form
in the non-ssl page, it should be safe from your particular attack.
--Levi
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
