[17397] in cryptography@c2.net mail archive

Re: AmEx unprotected login site (was encrypted tapes, was Re: Papersabout

daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Jun 8 10:49:31 2005

X-Original-To: cryptography@metzdowd.com
Date: Wed, 08 Jun 2005 15:38:12 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: herzbea@macs.biu.ac.il
Cc: "Perry E. Metzger" <perry@piermont.com>,
	Ian G <iang@systemics.com>, cryptography@metzdowd.com
In-Reply-To: <42A699A7.7030608@macs.biu.ac.il>

Amir Herzberg wrote:
> 3. They did not actually spell out the problem in using SSL in the 
> homepage (like eTrade, for instance). But I think I know the reason 
> (they didn't confirm or deny). I think the reason is that they host 
> their site; in particular, when I tried accessing it via https, I got an 
> Akamai certificate... [I don't think they liked this observation; now 
> you are led to the unprotected site]

This would appear to be an artefact. If you fetch the page you are 
redirected to (http://home.americanexpress.com/home/mt_personal.shtml) 
over HTTPS you'll find it is still an Akamai server.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
