Network World

Weblogs
Search / DocFinder:
Advanced search
Home
Research Centers
Applications Convergence / VoIP LANs / Routers Network Management Network Storage Operating Systems Security Servers / Data Center Small / Med. Business Wide Area Network Wireless / Mobile
News Events Buyer's Guides
Vendor Solutions
White Papers Special Reports Webcasts Partner Sites  -Secure Routing  -ProCurve Networking  -Enterprise Security  -Software Dimension  -Application Acceleration  -IT Agility  -Networking Solutions
Site Resources
Product Tests Buyer's Guides NEW Video Library Demo.com Careers Newsletters This Week in Print Opinions Blogs Podcasts Encyclopedia Forums RSS Feeds Special Issues Network Life
About Us NW Subscription
Special Issues

Signature SeriesEnterprise All-Stars
Enterprise All-Stars NEW

You in action
You in action

New Data Center The New Data Center: Wireless & Mobility
Wireless & Mobility NEW

The New Data Center: Server Virtualization
Server Virtualization
NetworkWorld.com > Weblogs >

Welcome | Gearblog archives     Search   RSS feed  

NOTE:
Gearblog has morphed into Gibbsblog. All new postings, same great Gibbs. Come on over!

Banks change customer logins and Cisco IDS flaw


By Gearhead, NetworkWorld.com, 08/23/05

Two interesting items from Netcraft:

  • Banks Shifting Logins to Non-SSL Pages: "After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs counter to years of customer conditioning, as well as the goals of the browser makers. Three of the five largest U.S. banks now display login forms on non-SSL home pages, including Bank of America, Wachovia and Chase, as well as financial services giant American Express ... Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL." .... more.
  • Cisco Intrusion Detection Products May Allow Intrusion: "A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) - could allow an attacker to spoof an IDS system and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another. ... A free software update that corrects the flaw is available from Cisco." ... more.

Back to Gearblog

Comments

Newsletters
Sign up for one of NWW's Application newsletters.
Web Applications
Network Optimization
Network Systems Management
Network/Systems Management News Alert
View all newsletters
Email Address:

Vendor Solutions

White Papers

Managing the Tidal Wave of Data Tivoli Storage Management
- IBM

IBM ISS X-Force Threat and Risk Report
- IBM

A Shot Across the Bow of Dell and HP
- Lenovo

More...

Special Report

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009 - F5 Networks
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

Research Centers: Applications | Application Development | Applications-Standards | Applications Vendor Solutions | Collaboration | CRM / ERP | Databases | Directories | Grid Computing | Java | Messaging | .Net | RFID | SOAP | Web Services | XML | Convergence & VoIP | Convergence Regulatory | Convergence Services | Convergence Standards | Convergence VoIP Vendor Solutions | Video | IP PBX | SIP | VoIP | VoIP Services | E-Business | DNS | RFID | Supply Chain | Web security LANs & Routers | Acceleration | Gigabit Ethernet | Lans-Standards | Routers | Wireless LANs | Network Management | Application Management | Desktop Management | Management Test Patch Management | Operating Systems | Linux | NetWare | Unix | Windows Outsourcing | Managed Services | Offshoring Security | Firewalls - VPN - Intrusion | Identity management | Patch Management | Microsoft Security | Privacy | Security Standards | Spam & Phishing | Viruses & worms | Web Security | Wireless Security | Servers & Desktop | Backup-Recovery | DataCenter | Desktops | Desktop Management | Grid | Servers | Server Blades | Servers Desktops | Utility Computing | Small & Medium Business | Broadband | Telework | Handhelds & PDAs | Home Networking | Security | Storage | Compliance | Infiniband | Network-Attached Storage | SANs | Storage Management | Storage Virtualization | Virtualization | Vendor News | Bankruptcy | Earnings | Lawsuits | Layoffs | Standards | Start Ups | Vendor Markets | Education | Financial | Healthcare | HIPAA | Manufacturing | Retail | Wide Area Network | Broadband | Carriers | Frame Relay | Metro Ethernet | MPLS | Service providers | Wireless services | Wireless & Mobile | Wireless LANs | PDAs & handhelds | Wireless Security | Wireless Services | Wireless Standards | Wireless Switches | All Company Profiles
IDG Network: Computerworld CSO Darwin Demo GamePro GameStar.com GamerHelp.com Infoworld
IT Careers IT World Canada JavaWorld.com LinuxWorld Macworld MacCentral.com Outsourcing World PC World Playlistmag.com