AmEx unprotected login site (was encrypted tapes, was Re: Papersabout "Algorithm hiding" ?)
Ben Laurie
ben at algroup.co.uk
Wed Jun 8 10:38:12 EDT 2005
Amir Herzberg wrote:
> 3. They did not actually spell out the problem in using SSL in the
> homepage (like eTrade, for instance). But I think I know the reason
> (they didn't confirm or deny). I think the reason is that they host
> their site; in particlar, when I tried accessing it via https, I got an
> Akamai certificate... [I don't think they liked this observation; now
> you are led to the unprotected site]
This would appear to be an artefact. If you fetch the page you are
redirected to (http://home.americanexpress.com/home/mt_personal.shtml)
over HTTPS you'll find it is still an akamai server.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list