AmEx unprotected login site

Perry E. Metzger perry at piermont.com
Wed Jun 8 15:16:29 EDT 2005


Jerrold Leichter <jerrold.leichter at smarts.com> writes:
> If you look at their site now, they *claim* to have fixed it:  The login box 
> has a little lock symbol on it.  Click on that, and you get a pop-up window 
> discussing the security of the page.  It says that although the page itself 
> isn't protected, "your information is transmitted via a secure environment".
>
> No clue as to what exactly they are doing, hence if it really is secure.

They're still doing the wrong thing. Unless the page was transmitted
to you securely, you have no way to trust that your username and
password are going to them and not to someone who cleverly sent you an
altered version of the page.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


