Cahoot
Brian L Johnson
brian at thejohnsons.co.uk
Wed May 6 23:02:38 BST 2015
On Wed, 06 May 2015 17:41:20 +0100, Francis Davey <fjmd1a at gmail.com> wrote:
> Thoughts? I am keen not to have my bank account hacked.
Apart from using weak crypto, the main issue appears to be that some
elements of the page are insecure.
In Chrome's words:
"Your connection to the site is encrypted, but Google Chrome has detected
mixed content on the page. Be careful if you're entering information on
this page. Mixed content can provide a loophole for someone to manipulate
the page. This content could be third- party images or ads embedded on the
page."
So, if someone inserts an ad which is designed to look like the box where
you enter your username and password...
--
brianlj
More information about the ukcrypto
mailing list