InformationWeek > SSL > Banks Abandoning SSL On Home Page Log-Ins > August 23, 2005 (http://www.informationweek.com/story/showArticle.jhtml?articleID=169600305)
Interesting story noting that some big financial players in the US are changing their banking login pages from using SSL for the whole page to only creating an SSL session when the credentials are submitted.
The story makes the obvious point that this makes a Man in the Middle attack against the bank far easier, as the content of the page can be modified without any pesky encryption getting in the way.
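
A check for the pattern the story describes, as an added example that is not from the original post or the article: it flags any password form delivered on a non-HTTPS page, even when the form itself submits to HTTPS. The host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _FormScanner(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []       # action attributes of forms holding a password input
        self._current = None  # state of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["password"]:
                self.forms.append(self._current["action"])
            self._current = None

def audit_login_page(page_url, html):
    """Return (finding, submit_target) tuples for login forms fetched from page_url."""
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    findings = []
    page_is_https = urlparse(page_url).scheme == "https"
    for action in scanner.forms:
        target = urljoin(page_url, action)  # an empty action posts back to the page
        if not page_is_https:
            # The form arrived unauthenticated, so its action could be altered in transit.
            findings.append(("form-served-over-http", target))
        if urlparse(target).scheme != "https":
            findings.append(("credentials-posted-over-http", target))
    return findings

# Constructed sample: HTTP home page whose login form submits to HTTPS.
SAMPLE_URL = "http://bank.example/"
SAMPLE_HTML = """<html><body>
<form method="post" action="https://secure.bank.example/login">
  <input type="text" name="user"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    for finding in audit_login_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

The sample page is reported as `form-served-over-http` despite its HTTPS submit target; the same HTML fetched from an `https://` URL produces no findings.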


raesene