IE Devs Criticize Bank Security Vulnerabilities

mrcaseyj writes "A post on the IE blog criticizes some banks for no longer using secure connections for entire login pages and only encrypting the password as it goes back to the bank. This prevents simple password sniffing but doesn't prevent a man in the middle attack from replacing the unsecured login page with one that has disabled encryption. This is especially a problem if you are using an unencrypted wireless connection such as at a coffee shop, because hackers can easily use the airpwn package to intercept the login page and steal your password. An easy remedy for when a secure page isn't available is to enter a bad username and password which usually brings up a secure page telling you to try again. But can you really trust your money to a bank that doesn't even offer the option of a secure login page?"

Fixed it for ya!

[tomhudson]

"But can you really trust your money to a bank that doesn't even offer the option of a secure login page?""

But can you really trust your money to a web browser and operating system that are the most hijacked in the world?"

There, fixed it for you.

Geez

[MyLongNickName]

Damn! This is like Rosie O' Donnell calling you fat and obnoxious.

I remember 2005

Bush was President, we were at war in Iraq and Afghanistan, and Slashdot editors sucked.

One word answer: mattress

Just put your money in your mattress and avoid all those newfangled bank things.

Diebold

The ATM is Diebold! Jesus, I'm taking all my money out of the bank and stuffing it in my mattress!!