Comments on: Commonwealth Insecurity: Banking over HTTP http://www.orzeszek.org/blog/2009/03/20/commonwealth-insecurity-banking-over-http/ An inchoate upside-down perspective Tue, 09 Mar 2010 22:03:00 -0800 http://wordpress.org/?v=2.8.6 hourly 1 By: Online broker CommSec criticised for weak passwords, lack of SSL | Zero Day | ZDNet.com http://www.orzeszek.org/blog/2009/03/20/commonwealth-insecurity-banking-over-http/comment-page-1/#comment-28 Online broker CommSec criticised for weak passwords, lack of SSL | Zero Day | ZDNet.com Wed, 29 Apr 2009 15:47:46 +0000 http://www.orzeszek.org/blog/?p=245#comment-28 [...] best practices come a month after another security design flaw was exposed at the online broker - CommSec’s use of non-SSL frames pages potentially resulting in successful man-in-the-middle attacks. Sadly, the company is also not [...] [...] best practices come a month after another security design flaw was exposed at the online broker – CommSec’s use of non-SSL frames pages potentially resulting in successful man-in-the-middle attacks. Sadly, the company is also not [...]

]]> By: Force CommSec to Use HTTPS with NoScript http://www.orzeszek.org/blog/2009/03/20/commonwealth-insecurity-banking-over-http/comment-page-1/#comment-10 Force CommSec to Use HTTPS with NoScript Wed, 08 Apr 2009 04:01:54 +0000 http://www.orzeszek.org/blog/?p=245#comment-10 [...] 20 March 2008, I wrote about CommSec’s use of non-SSL frames pages for its online banking. Although the CommSec homepage is delivered using SSL with an Extended [...] [...] 20 March 2008, I wrote about CommSec’s use of non-SSL frames pages for its online banking. Although the CommSec homepage is delivered using SSL with an Extended [...]

]]>