{"id":328,"date":"2005-08-23T00:00:00","date_gmt":"2005-08-23T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/08\/23\/banks-abandoning-ssl-on-home-page-log-ins\/"},"modified":"2021-12-30T11:37:02","modified_gmt":"2021-12-30T11:37:02","slug":"banks-abandoning-ssl-on-home-page-log-ins","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/08\/23\/banks-abandoning-ssl-on-home-page-log-ins\/","title":{"rendered":"Banks abandoning SSL on home page log-ins"},"content":{"rendered":"<p>Some of the biggest banks have abandoned the practice of posting their online account log-in screens on SSL-protected pages in an effort to boost page response time.&nbsp; Some of the biggest banks have abandoned the practice of posting their online account log-in screens on SSL-protected pages in an effort to boost page response time and guide users to more memorable URLs, a U.K. Web performance firm said.<\/\n<\/p>\n","protected":false},"excerpt":{"rendered":"<div align=\"left\">Netcraft noted that three of the largest banks in the U.S. &#8212; Bank of America, Wachovia, and Chase &#8212; as well as credit card giant American Express, now display their log-in forms on home pages not locked down with Secure Socket Layer (SSL).&nbsp; The username and password are still encrypted when sent to the bank&#8217;s server, however; the form&#8217;s Submit or Login button points to an SSL-enabled &#8220;https&#8221; URL.<\/div>\n<div align=\"left\">&nbsp;<\/div>\n<div align=\"left\">But as Netcraft noted, Microsoft took the practice to task as long ago as April, when in an entry on the Redmond, Wash.-based developer&#8217;s official Internet Explorer blog, program manager Eric Lawrence wrote that the idea was flawed and could be exploited by &#8220;man-in-the-middle&#8221; attacks.<\/div>\n<div align=\"left\">&nbsp;<\/div>\n<div align=\"left\"><a href=\"http:\/\/www.informationweek.com\/story\/showArticle.jhtml?articleID=169600305\">http:\/\/www.informationweek.com\/story\/showArticle.jhtml?articleID=169600305<\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-328","post","type-post","status-publish","format-standard","hentry","category-financial"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=328"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/328\/revisions"}],"predecessor-version":[{"id":2815,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/328\/revisions\/2815"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}