Cahoot
Francis Davey
fjmd1a at gmail.com
Thu May 7 09:29:30 BST 2015
2015-05-06 23:02 GMT+01:00 Brian L Johnson <brian at thejohnsons.co.uk>:
>
>
> Apart from using weak crypto, the main issue appears to be that some
> elements of the page are insecure.
>
> In Chrome's words:
>
> "Your connection to the site is encrypted, but Google Chrome has detected
> mixed content on the page. Be careful if you're entering information on
> this page. Mixed content can provide a loophole for someone to manipulate
> the page. This content could be third- party images or ads embedded on the
> page."
>
> So, if someone inserts an ad which is designed to look like the box where
> you enter your username and password...
Thanks for all the responses (including this one). They all make perfect
sense. I'll try and send something to my bank about it but my guess is that
I'll have the expected canned response.
In the longer run, maybe I should switch banks.
--
Francis Davey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20150507/3ce2f4f7/attachment.html>
More information about the ukcrypto
mailing list