Banks Shifting Logins to Non-SSL Pages
Posted by creining | Filed under Security
Banks Shifting Logins to Non-SSL Pages as my local bank recently did. One day, I noticed that they had added a section to enter credentials for online banking to their main page which was HTTP. I was concerned as I immediately thought that they were (insanely) doing plaintext HTTP with customers credentials. But upon further investigation, I found that they were using the HTTP method CONNECT to connect to the SSL-ified login page, which is safe.
Comments are closed.