close

Privacy guaranteed - Your email is not shared with anyone.

Welcome to Glock Talk

Why should YOU join our Glock forum?

  • Converse with other Glock Enthusiasts
  • Learn about the latest hunting products
  • Becoming a member is FREE and EASY

If you consider yourself a beginner or an avid shooter, the Glock Talk community is your place to discuss self defense, concealed carry, reloading, target shooting, and all things Glock.

Is AmSouth's on-line bank web site secure?

Discussion in 'Tech Talk' started by NRA_guy, Jul 7, 2005.

  1. NRA_guy

    NRA_guy Unreconstructed

    1,704
    0
    Jun 20, 2004
    Mississippi, CSA
    I think AmSouth's on-line bank web site is not secure.

    It is here AmSouth

    Note that the site where you enter your ID and password at the top right is not secure (not "https").

    You type in your ID and password in the "http" site then hit "login". Then it takes you to a secure web site.

    I think the login site should be secure to protect my ID and password.

    I emailed them and got back a "thank you for your comment, we have addressed your concerns" response. But they did not change it.

    I'm concerned.

    Should I be?
     
  2. EvilGenius

    EvilGenius

    76
    0
    Aug 1, 2004
    Austin, TX, USA
    Well, I bank online at Wells Fargo and they do the same thing. I'd like it to be different, but it's not.
     


  3. Toyman

    Toyman

    2,597
    20
    May 6, 2003
    West Michigan
    The HTML references https://ibank.amsouth.com all over the place. It redirects to the secure server. My bank does it this way as well as many other sites.
     
  4. NRA_guy

    NRA_guy Unreconstructed

    1,704
    0
    Jun 20, 2004
    Mississippi, CSA
    Yeah it takes you to a secure web site but only after you enter the ID and password, but you are entering your access info into a non-secure web site.

    PS: Your initial ID for the AmSouth web site is your Social Security Number until/unless you log in and change it. Some folks will never change theirs.
     
  5. David_G17

    David_G17 /\/\/\/\/\/\/\/

    2,046
    0
    Oct 7, 2002
    yeah, it's secure.

    even though most browsers will throw a caution message, it is.

    it's inside of an iframe, and when you click "log in" it doesn't just send the password and login name as plain text. since it's creating a connection with a secure site it's ok.

    we had the same problem on a banking site i helped build. same issue came up. we even tried packet sniffing to try and hack it. it's secure.
     
  6. jpa

    jpa CLM

    7,997
    93
    May 28, 2001
    Las Vegas NV
    https://ibank.amsouth.com/tether/ibanklogon.asp

    This is the url for that individual frame of the index page. I'm assuming the main page being straight http is to take the load off the ssl server while still being convenient enough to log in from the main page.
     
  7. NRA_guy

    NRA_guy Unreconstructed

    1,704
    0
    Jun 20, 2004
    Mississippi, CSA
    OK, thanks, guys.

    I'll stop worrying about it.
     
  8. David_G17

    David_G17 /\/\/\/\/\/\/\/

    2,046
    0
    Oct 7, 2002
    Apparently others are worried too. I just found this:
    http://news.netcraft.com/archives/2005/08/23/banks_shifting_logins_to_nonssl_pages.html
     
  9. NRA_guy

    NRA_guy Unreconstructed

    1,704
    0
    Jun 20, 2004
    Mississippi, CSA
    Hmmm. So the big banks are sacrificing my banking security for their profit margin.

    Hard to believe, huh?

    Thanks.