Is SSL protection active without padlock in Explorer Task Bar?

Discussion in 'Security Software' started by Nick, Jul 8, 2005.

  1. Nick

    Nick Guest

    One of my banks has gone to a new internet banking supplier. They have a new
    online banking site that does not have the SSL padlock symbol displayed in
    the explorer task bar. They have a picture of the padlock up in the graphics
    next to the sign-on and password boxes displayed on their signon page, but
    none down where I have been accustomed to looking to see if the data was
    secure. They (the Bank) repeatedly tell me that entry is protected and once
    I enter my password and get into the site the padlock will be there. They say
    this is safe, but I do not trust it.

    I am afraid that if the password is entered outside SSL protection that
    could be bad. Every other banking, credit card, and business site I use has
    the padlock protection symbol displayed in the task bar when the sign on
    pages are displayed.

    CAN THEY BE TRUSTED? Or should I find another bank?
     
    Nick, Jul 8, 2005
    #1

  2. Does the URL in the browser show as https:// .. signifying a secure
    connection? If not, I personally would not sign in.

    Tom
     
    Tom Pepper Willett, Jul 8, 2005
    #2

  3. Nick

    Nick Guest

    Thank you for your reply, Tom;
    No, there is no HTTPS: in front of the URL. I forgot to mention that was
    the other tipoff that there was a problem. By the way you can look at the URL
    if you like, it is < http://www.centerstatebank.com/ > Notice the upper
    left signon box has a picture of a padlock. They say that means it is
    secure.

    The Bank says that the site will be HTTPS and be secure once I enter the
    signon and password. I said to them, my gut told me that if the page was not
    secure when I enter the SO/PW then my signon could be compromised. They come
    back that other online banking sites such as Wachovia also use this same
    approach. My response to them was, that I probably would not do my online
    banking with them either.

    Nick
     
    Nick, Jul 8, 2005
    #3
  4. Unless the first page was secure, which it is not, I don't see how the
    password information would be secure.

    In any event, if my bank did that, I would not use online banking, and would
    probably change banks.

    I make a lot of online purchases and I have never seen a page where you
    input a password that's not already behind the https security.

    Tom
     
    Tom Pepper Willett, Jul 8, 2005
    #4
  5. Paul Adare

    Paul Adare Guest

    microsoft.public.security news group, Tom Pepper Willett
    You'd need to look at the code behind the log in button. It is entirely
    possible that clicking that button opens an SSL session and then sends
    the user name and password through the SSL session.

    --
    Paul Adare
    MVP - Windows - Virtual Machine
    http://www.identit.ca/blogs/paul/
    "The English language, complete with irony, satire, and sarcasm, has
    survived for centuries without smileys. Only the new crop of modern
    computer geeks finds it impossible to detect a joke that is not clearly
    labeled as such."
    Ray Shea
     
    Paul Adare, Jul 8, 2005
    #5
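
The check Paul describes can be done against the page source. This is an added example, not part of the original thread: it parses a login page and reports where each password form submits, using constructed sample HTML and hypothetical host names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (hypothetical host names), served over plain http.
SAMPLE_PAGE = """
<form action="https://secure.bank.example/login" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>
<form action="/search"><input type="text" name="q"></form>
<form method="post"><input type="password" name="pw"></form>
"""

class LoginFormAudit(HTMLParser):
    """Record the action of every <form> that holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []       # actions of finished password forms
        self._open = None     # [action, has_password] for the open <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            if self._open[1]:
                self.forms.append(self._open[0])
            self._open = None

def audit_login_page(page_url, html):
    """Return (submit_url, verdict) for each password form on the page."""
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    for action in parser.forms:
        target = urljoin(page_url, action)   # empty action posts back to the page
        if urlsplit(target).scheme != "https":
            verdict = "password-sent-in-clear"
        elif page_https:
            verdict = "ok"
        else:  # encrypted submit, but the form itself arrived unauthenticated
            verdict = "encrypted-post-from-unauthenticated-page"
        findings.append((target, verdict))
    return findings
```

On the constructed sample, fetched as `http://www.bank.example/`, the first password form gets the `encrypted-post-from-unauthenticated-page` verdict: the submission is encrypted, but the form was delivered over plain HTTP, so the page source is the only evidence of where the password goes.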
  6. Roger Abell

    Roger Abell Guest

    If what Paul indicates does not lead to a secure session,
    then I would have to question how well the information
    is protected once on their systems, not just their choices
    for getting info back and forth in a browsing session.
    Sort of the rock in the stream telling one about the mountain
    from which it came.
     
    Roger Abell, Jul 9, 2005
    #6