The form action for password submission is https://online.statefarm.com/apps/sessionmgmt/LoginService.asp? and that very well may be secure, but the fact remains that they are training their users to submit insecurely.
Saturday, July 16, 2011
State Farm Encourages Living Dangerously
State Farm is another company that is trying to get customers to ignore TLS (or SSL for my fellow old-timers) by encouraging customers to log in from an apparently insecure page:
The form action for password submission is https://online.statefarm.com/apps/sessionmgmt/LoginService.asp? and that very well may be secure, but the fact remains that they are training their users to submit insecurely.
The form action for password submission is https://online.statefarm.com/apps/sessionmgmt/LoginService.asp? and that very well may be secure, but the fact remains that they are training their users to submit insecurely.
Subscribe to:
Post Comments (Atom)
1 comment:
this assumes a standard user has any clue of ssl/ tls. i did an exchange server implementation that only worked in ssl (https:) and had so many calls of people that could not connect i eventually setup an auto-redirect to deal with them typing in http. how many calls warrant this?
Post a Comment