Full Disclosure mailing list archives
Re: http://www.chase.com/ vulnerability
From: "Perry E. Metzger" <perry () piermont com>
Date: Fri, 28 May 2004 15:46:16 -0400
"Brandon" <b_buckley () comcast net> writes:
Wells Fargo and Bank of America have similar home pages, although they do offer a secure login page, I'm sure most users don't bother using it.
So does Chase (if you bother learning how to get to it, which they don't make obvious.) American Express appears to have a brilliant setup where if you try to go to https://www.americanexpress.com/, it redirects you back to an http: based login page. If reload the login page with an https: request, you get a popup about it using an Akamai certificate. It is clear that some people are not paying attention here and they're heavily endangering their customer. -- Perry E. Metzger perry () piermont com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability Brandon (May 28)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability gauntlet (May 28)
- <Possible follow-ups>
- RE: http://www.chase.com/ vulnerability Schmidt, Michael R. (May 28)
- Re: http://www.chase.com/ vulnerability Dark-Avenger (May 28)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 28)
- RE: http://www.chase.com/ vulnerability James Patterson Wicks (May 29)
- Re: http://www.chase.com/ vulnerability Perry E. Metzger (May 29)
- Re: http://www.chase.com/ vulnerability http-equiv () excite com (May 29)
- RE: http://www.chase.com/ vulnerability Brandon (May 28)