Domain: bankofamerica.com
Stories and comments across the archive that link to bankofamerica.com.
Comments · 120
-
Bank of America
Just plain sucks when it comes to security. Go to http://www.bankofamerica.com. Notice that it's http and not https. Also, now go to https://www.bankofamerica.com, and notice that it kindly redirects you back to the insecure link.
I use this bank, and I always put in my wrong userid and passwd so that I can enter them on a secure page. If someone is interested in thousands of bank accounts go ahead and register www.bankfoamerica.com or something similar, and mass mail people to make sure their account is correct or whatever. People will follow the link. You can simply grab their info and redirect them to the proper server with little hassle from anyone.
I've called and told them about this, and they told me that "We are a bank, we take security very seriously, thank you very much". This was when I called them to find out the real balance of my credit card. I had 2 balances with $1,200 difference between them. They told me it was a cache problem in my browser, even though I used 3 different browsers, under 2 different usernames on my system. They didn't seem to understand that a) https data is not cached between browsers, nor b) https data is not cached between different users. Oh yeah, this is also after they started talking to me about my last purchases on my cc without confirming _any_ form of identification besides my cc number.
I feel as though I have an OK workaround by putting in the wrong info the 1st time, but if anyone else uses Bank Of America, I would suggest a call to them.
-
Re:the needed patch
Just the Facts here.
Bank of America | Online Banking | Technical and Security FAQs
What kind of computer equipment and software do I need for Online Banking?
You need a computer, modem, Internet access and one of the following recommended Internet browsers: Netscape 6.2 and higher or Microsoft Internet Explorer 5.5 and higher. You can use either a Macintosh or a Windows computer.
Looks like they don't want to deal with Linux users.
-
Re:the needed patch
Yes, Mozilla is better than IE in a lot of cases... but don't forget, the average user still uses the internet for email, online banking, and news sites.
So do I.
And guess where you are more than likely to run into an "I.E. recommended" site? Online banking.
Not at my little bank.
Reality is, Mozilla is a far way from replacing I.E.
Well, if your bank sucks, I suppose so. I'd be curious about which bank it is, though; the only place I still see "You should have Internet Explorer!" pages is zone.msn.com.
-
Re:Finally...
My broker currently has plenty available to short.
-
Re:paymybills.com
I do this with my Bank of America account, for free. They even have provisions for receiving e-bills for companies that support it and automagically paying your bills for you. Nice. I've been thoroughly impressed with their web services in the month or so I've been a customer. I have the My Access account. They make $$ by charging you if you took up the time of one of their tellers too often. I can visit a bank teller something like 3 times per bill cycle. Customer service visits don't count. Basically the only time you get billed is when you make a deposit in person instead of via an ATM, withdraw $$ in person rather than at an ATM, or transfer $$ in person rather than on the phone or at an ATM. I've been impressed and I'm not easy to impress when it comes to banking.
-
Re:WebSense filtering
How about https on tcp/443? I doubt they'd block this as many things these days require it (FAFSA comes to mind).
If they don't block it (try a few random banks' homebanking sign-on page to see if you can connect), then use proxytunnel to pass ssh via tcp/443 and you can then portforward to a home proxy server.
Best of all, it's all encrypted and they can see none of it other than the ssh connection to your home server which is encrypted (as would be any https tcp/443 traffic).
-
Re:We'll never see this.
We, Canadian or American, will never see a cash replacement like this.
Funny. I've seen plenty of "gift cards" floating around the US. Anonymous plastic cards with magnetic strips, the issuer keeping track of how much money is on each card. In most cases, you can add money at the checkout counter by giving the checker cash, check, or traditional plastic. Some are just accepted by the issuing store. Others are linked into the existing credit/debit card network. Examples:
Shell (only accepted by issuing store)
Discover
National City/Visa
Bank of America/Visa
American Express
The last two have the recipient's name on the card, but it is legal and unchecked to give them a pseudonym for privacy reasons.
It's strange to see the banner of liberty go back to the French, after so many years.
This may just be my libertarian bias talking, but having something arise from the private sector seems more free than having the same thing imposed by government fiat.
-
Re:no house required
Alaska was happy enough to give me a card with limit of $10K.....Did I mention that Alaska gives me miles for my spending
I take it you are referring to the Alaska Airlines frequent flier credit card. It isn't issued by the airline, it's issued by a bank - Bank of America to be specific.
-
Summary
Gopher uses Mozilla with his MBNA Card.
AmDrEx points to Discover Card.
tswinzig says that American Express works fine.
spaceling points out that you could get an AT&T Universal Card.
inepom01 recommends Chase Manhattan.
An Anonymous Coward says that he uses Providian.
Several folks have also pointed out online banks that they use:
- jimmu: Key Bank
- Anonymous Coward: Washington Trust
- Descartes: 1st Financial Bank
- Anonymous Coward: Fleet Boston
- Anonymous Coward: Bank of America
- mcelrath: UmbrellaBank
-
Big Sites Have Big Problems - But There Is Hope
First off I want to dispel the myth that only small fry peon sites have standards compliance problems. Bugzilla currently has 1920 Tech Evangelism bugs open. These bugs all deal with websites that have poor coding resulting in problems rendering properly in Mozilla. These are sites like:
- National Australia Bank Click "Register Now" and you get a "Your Browser Version is not supported"
- CN Rail North America's Railroad (Excluding non-NS6 users).
- Bank Of America Try to apply for a gold card and the form gets screwed up.
- Benjamin Moore Sorry our page is designed for IE only, buy your paint elsewhere.
- Novartis Screwed up rendering.
- Connectsite Exchange, Collaborate, Connect! Unless of course you're using a non IE browser, then go away.
This isn't counting the 1720 Tech Evangelism bugs that have already been resolved. Sites like salomonsmithbarney.com, yahoo.com, cbs.com, citrix.com and many many more have all resolved improper coding issues that screwed up non IE rendering. But the positive news is that in 1720 cases web administrators have changed their websites to make them unbroken.
Here's an example. One of the most highly reported bugs (bug 114812) that has since been fixed was with hotmail. Due to faulty javascript implementation if you would select the "ALL MESSAGES" box in your inbox only one message would actually be selected, so to delete the mountains of spam that accumulate daily you had to click the box beside _each_individual_message_. Clicking 200 checkboxes after not checking your mailbox for a few days does not a fun time make. Anyway after about 6 months of pestering, Microsoft finally fixed it. The moral: If complaining can make Microsoft make its pages standards compliant well the sky's the limit.
Anyway if you want to do something to help check out Mozilla Evangelism. The site is chock full of advice about how to report and deal with non-compliant websites. You can even use the Letter Writing Tool to write and send a nifty letter to website administrators who haven't yet seen the light. Obviously the site is geared to getting things to work properly in Mozilla, but the fact is, things tend to work in Mozilla if they are standards compliant.
-
Re:Well go ahead, got any better ideas?
Hi there. I designed the interface for Mozilla's Javascript prefs back in September, and Doron Rosenberg has spent the past couple of months implementing it.
I have a suggestion for another interface for a 0.9.8 release; a UserAgent Editor. You would be surprised how intricate my junkbuster config is now with forged UserAgent strings so I can get into sites which simply block based on them (my bank now requires IE to do online banking, and nothing else will do. When I called them to let them know their previously working website was no longer working, they suggested I "upgrade" to Windows instead.. and I pay for this service?!). I should be able to selectively create/send/restrict my UserAgent string as sent to the remote system via a nice user-friendly UI that lets me hand-enter strings, or pass parts of my browser UserAgent across.
Just a thought...
-
Bank of America
Well, after spending quite a bit of time mucking about on their web site, I found the proper information to opt-out... here's a link and a number... Bank of America Privacy Policy 888.341.5000
-
Re:Banks in canada generally suck
I'm with scotia bank, if you want to use online banking, you have to load up their proprietary windows authorization client to do so. They do offer HTTPS however no one at the bank seems to know about it.
My impression was that they'd just switched. Their website now only describes the ssl method, and the support people had no trouble getting me a password. You're right about the proprietary encryption filter though--it was obnoxious. I think the idea was to make sure everybody had 128 bit security back when you had to jump through hoops to get that version of Netscape. So while I trust 56 bit ssl at least as much as the proprietary gadget they'd bought, their hearts may have been in the right place.
I've also been impressed with the signup mechanism. You call, ask to sign up, get authenticating secrets verbally, then they stick you in a queue where a computer tells you your temporary password. That way no employee sees or hears what it is. You then login and change it. Semi-instant gratification. :)
In any case, their ssl interface works fine under Linux/Netscape, probably because they avoid all the cute clientside scripting.
In contrast, I recently opened an account with Bank of America in part because they claimed to use SSL. They're even using JSP, but logging in from Linux/Netscape causes an internal server error. Ouch. They said they were aware of the issue and were working on a fix; we'll see what that means in the next couple of weeks.
Another silly thing is that while you can sign up for BofA's online banking online, they snailmail you your login password, which seems an entirely unreasonable delay. It doesn't add anything to security either: searching someone's mail (after sniffing the application) is usually *easier* than tapping their phone.
-
Bank of America
I use Bank of America's web banking and it works fine for me. In fact, the fact that their web banking works under Linux is one of the few reasons I am still using them.
-
Re:Bullies
I went to Bank of America's contact page and wrote them a letter under the subject "comments and suggestions," telling them that I think they're being immature and wasting their time, and that they'll never get any of my business. I have a taste for drop-in-the-bucket protests, but I encourage others to join me anyway.
-
Hey these corporate folks do listen...
Don't bother boycotting in silence; express yourself.
-
Re:Damn
Send them some POLITE but to-the-point messages explaining how upset you are with them as a company. Taking business elsewhere is always a scare for businesses.
Bank Of America Contact page
Note: .. blind flaming accomplishes nothing, but sensibly made points made by 1000s of unhappy people might.
--
-
Bank of America commerce
If you are sincerely opposed to Bank of America's attempted action against the Dialectizer, review your personal accounts and your credit cards and switch banks. The following is a list of cards that Bank of America distributes: BoA Credit Cards. Check your wallets and see if the logo is on your credit card. Apply for a new credit card, do a transfer balance, and cut up the BoA credit card. Money talks. Remove your money from the bank and let them know why you did it. Perhaps suggest a formal apology to the author of the Dialectizer...
-
Where I think the system breaks down
There's at least one critical point where esignatures are different from their real-life counterpart:
Everyone over the age of five has a real-life signature.
Let me explain why this is a problem by providing a true analogy.
A certain bank (who shall remain nameless) has a pretty nice online banking setup. The hole, though, is in their online signup procedure. How do you prove that you are indeed you? You simply provide your social security number, one of your account numbers (it doesn't matter which one), and your bank card number. For those of you less paranoid than myself:
- A lot of people have their SSN printed on their checks for convenience, so if someone writes you a check, then you have two of the three required identifiers.
- If they happen to also pay you with a bank card, then voila, you're three-for-three.
Think of all the places where people are likely to have used both checks and check cards, such as grocery stores they frequent, motels they're staying at, etc. Now, think of how much the employees who handle your financial information actually get paid. Nervous yet? Good!
Here's the fun part: once J. Random Minimum-Wage has all three of your identifiers, they can do you the additional service of setting up your online banking for you. Keen, huh?
Until the day you decide to take the leap and start using the service yourself, your accounts are compromised, and you've never noticed.
To tie this in to the topic at hand, I wonder what sort of proof you'll have to offer to establish an esignature? If I decide that it's pretty likely that you'll never use yours, what's going to stop me from setting it up for you?
Now, multiply this scenario by the number of people who don't have the slightest contact with computers, and I think we might have a problem.
Did you think that "The Net" was creepy? Wait until I create the esignature you never bothered with and use it to sign for a few credit cards.