[Dshield] Banks Shifting Logins to Non-SSL Pages

John B. Holmblad jholmblad at aol.com
Tue Aug 23 16:02:26 GMT 2005


with the profileration of wireless hot spots, few of which as of now 
provide strong authentication of the Acces Point/Service provider to the 
client, it would seem that a MIM attact from so-called "evil twin" AP 
against users of www sites such as AMEX. Chase, etc would present  a 
greater risk than if these financial service providers continued to 
utilize ssl from the get go.

Best Regards,

John Holmblad

Televerage International

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net

More information about the list mailing list