tag:blogger.com,1999:blog-5880225.post-1133619535960173242005-12-03T09:18:00.000-05:002005-12-29T07:56:59.106-05:00Bank of Amercia <br />stupid SiteKey login<br /><br /> - The login page is NOT encrypted<br /> - The sitekeys quuestions are facts that the bank does NOT need to know, and will only increase users exposure if a hacker accesses the bank computer<br /><br /> - WE MUST HAVE SSL at least for the login<br /> -- SSL encryption has been specifically designed for web site security, it is stupid that a bank decide not to use it for the most important phase of the connection (the login)<br /><br /><a href="http://blogs.washingtonpost.com/securityfix/2005/05/your_mugshot_ca.html#comments">Comments on the Washington Post</a><br /><br /><a href="Unwitting customers can click on a site thinking it's legitimate, and be taken to a site that resembles the one they want, but is controlled by phishers looking to steal their personal data.">Consumer complaints about</a>: "Unwitting customers can click on a site thinking it's legitimate, and be taken to a site that resembles the one they want, but is controlled by phishers looking to steal their personal data."<a href="http://blogs.washingtonpost.com/securityfix/2005/05/your_mugshot_ca.html#comments"></a><div class="blogger-post-footer">NicolaZordan.blogspot.com</div>Nicola Zordanhttp://www.blogger.com/profile/11936827591536729101noreply@blogger.com