Re: LOGIN INFO secure at wwww.americanexpress.CA?



Mister.Fred.Ma@xxxxxxxxx wrote:
> 2nd line support left me a voicemail assuring me that he went through
> a session, and all was secure. No mention was made of the fact that
> the particular point of concern was securing the login info itself, as
> well as the clear indication of having done so using standard security
> indicators. So it isn't clear that the problem was properly
> communicated; I would tend to think not, based on the misunderstanding
> at front line support. An erroneous return phone number was
> provided. The frustrating thing is that there is no email address to
> raise this issue in a documented manner, including documentation of the
> tenuous communication. Hopefully, their anti-phishing email address
> (the only one I can find) will forward this message to the right
> department.

My guess is that the quality of support at Amex is such that they never
will understand the issue. That's true of most companies. I suspect that
the second line support person has no idea whether his session was secure
or not, and doesn't have the tools to determine the answer. A further
complication is that unless he was using a machine that was connecting
from outside their network, which is unlikely, his experience has no
relevance to yours.

> In any case, I believe that I've done what I can to respond to the
> issue, and I now leave it in their capable hands. Thanks once again
> for pointing out the properly coded .COM webpage so that I can avoid
> the problem on the .CA webpage.

You're welcome. I'm glad I could help, even if it was mostly by accident.

--
Gary L. Smith
Columbus, Ohio