Brian L Johnson brian at
Wed May 6 23:02:38 BST 2015

On Wed, 06 May 2015 17:41:20 +0100, Francis Davey <fjmd1a at> wrote:

> Thoughts? I am keen not to have my bank account hacked.

Apart from using weak crypto, the main issue appears to be that some  
elements of the page are insecure.

In Chrome's words:

"Your connection to the site is encrypted, but Google Chrome has detected  
mixed content on the page. Be careful if you're entering information on  
this page. Mixed content can provide a loophole for someone to manipulate  
the page. This content could be third- party images or ads embedded on the  

So, if someone inserts an ad which is designed to look like the box where  
you enter your username and password...


More information about the ukcrypto mailing list