Security question - how is this possible?
On Bank of America's site they have a sign in box to their online banking on the home page.
I want to know, how is this secure? This would surely mean that the informattion typed in to the Online ID and passcode fields are not encrypted by 128 bit SSL when they are sent to the https page. Normally, you have to click through to https hosted page and THEN sign on from there, safe in the knowledge that the details are encrypted properly.
Is this secure?
Can you explain how they have managed to get around this?
I'm mystified. I've had a look at the source code of the page, and I can't really see any client-side masking of the details (and even if I did see that I'd question just how secure this is)