once more, with feeling.
Perry E. Metzger
perry at piermont.com
Mon Sep 8 10:31:26 EDT 2008
I was shocked that several people posted in response to Peter
Gutmann's note about Wachovia, asking (I paraphrase):
"What is the problem here? Wachovia's front page is only http
protected, but the login information is posted with https! Surely this
is just fine, isn't it?"
I'm not going to explain why this is wrong. It should be obvious. If
it isn't obvious to you, you should try thinking like an attacker for
a few moments. If it still isn't obvious to you why this is very bad,
read the list archives.
(I won't be forwarding followups to this unless they are unusually
interesting.)
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list