[Dshield] Banks Shifting Logins to Non-SSL Pages

John B. Holmblad jholmblad at aol.com
Tue Aug 23 16:02:26 GMT 2005


Stephane,

with the profileration of wireless hot spots, few of which as of now 
provide strong authentication of the Acces Point/Service provider to the 
client, it would seem that a MIM attact from so-called "evil twin" AP 
against users of www sites such as AMEX. Chase, etc would present  a 
greater risk than if these financial service providers continued to 
utilize ssl from the get go.

-- 
Best Regards,

John Holmblad

Televerage International
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net



More information about the list mailing list