[145645] in cryptography@c2.net mail archive
RE: Has there been a change in US banking regulations recently?
daemon@ATHENA.MIT.EDU (eric.lengvenis@wellsfargo.com)
Fri Aug 13 11:51:25 2010
From: <eric.lengvenis@wellsfargo.com>
To: <pgut001@cs.auckland.ac.nz>, <cryptography@metzdowd.com>
Date: Fri, 13 Aug 2010 09:05:50 -0500
In-Reply-To: <E1Ojsus-0003Z8-Bp@wintermute02.cs.auckland.ac.nz>
On Fri, 13 Aug 2010 23:59:18 +1200 Peter Gutmann <pgut001@cs.auckland.ac.nz=
> wrote:
> As part of a thread on another list, I noticed that Bank of America,=20
> who until recently didn't bother protecting the page where users are=20
> expected to enter their credentials with anything more substantial=20
> than a GIF of a padlock, now finally use HTTPS on their home page, and=20
> redirect HTTP to HTTPS (this only took them, what, about ten years to=20
> get right? Or is it fifteen? When did BofA first get a web=20
> presence?). Wachovia now do it too. And Citibank at least redirect=20
> you to an HTTPS page. And so does US Bank, after asking for your ID.
>=20
> What on earth happened? Was there a change in banking regulations in=20
> the last few months?
I'm usually pretty up-to-date on these regulations and I'm not aware of any=
recent changes. As for Wachovia's changes, you'll notice that it now says =
"A Wells Fargo Company" in smaller print beneath the Wachovia logo. That's =
the reason for their switch; our name on their (our?) site. Unfortunately, =
it appears that not all is working right. If you go to http://wachovia.com =
it redirects to https://www.wachovia.com just fine, but if you type in http=
s://wachovia.com it does not redirect you and your browser will throw a dom=
ain name mismatch error because the certificate is for www.wachovia.com (Co=
nfirmed on IE8, Firefox 3.5, and Chrome 5). The browser treat these as near=
apocalyptic errors with huge warnings. Firefox especially. I've notified t=
he appropriate people.=20
Eric Lengvenis
Information Security Architect
Enterprise Information Security Architecture (EISA)
This message may contain confidential and/or privileged information. If you=
are not the addressee or authorized to receive this for the addressee, you=
must not use, copy, disclose, or take any action based on this message or =
any information herein. If you have received this message in error, please =
advise the sender immediately by reply e-mail and delete this message. Than=
k you for your cooperation.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
