The `Unprotected Login`
Inter-Net Fraud League (I-NFL) Hall of Shame
Last updated: Tuesday, September 20, 2005
Found
more sites, an error, or a secure version? Join our
contributors, update the Inter-Net Fraud League
Commissioner:
Amir Herzberg (I-NFL Commissioner and
developer of
TrustBar – improving browsing security)
Associate Professor, Dept. of Computer Science, Bar Ilan University and proud member of DigiCrime, Inc.
The information here is based on my observations and professional experience, and presented only for educational and research purposes. It is not a recommendation to use or not use any particular service, and may be outdated or mistaken. Please inform me of errors
Type |
Unprotected login sites (* sites: TrustBar automatically redirects to a protected login!) |
-- |
-- |
Banks and financial institutions |
PayPal *(apparently only from outside US), Chase*, SmithBarney* (CitiGroup), Bank of America* (also BoA with wrong domain), TD Waterhouse*, Amex*, FirstCommand Bank, MidFirst Bank* Wachovia*, Washington Mutual (WaMu), Zions, Lasalle* (of ABN AMRO, similar site – but unprotected…), USBank* |
Security services (single sign on, CA) |
|
Portals, webmail, etc. |
|
Merchants, eZines, others |
Amazon, New York Times, Travelocity |
Protected login sites, but not identified using their corporate name (e.g. identified using a web service provider) |
CityBank, CapitalOne |
Some screenshots (most using FireFox with TrustBar for improved security indicators)
Banks and Financial Institutions |
Security and other (insecure) login sites |
|
|
|
|
|
|
|
|
|
|
Contributions to the Hall of Shame
Please inform us of additional unprotected login pages, or of current entries that appear to be protected (this could be a mistake, a fixed site, or a geography-dependant site, e.g. PayPal). To contribute, it is best if you copy the I-NFL Commissioner on a letter (physical or e-mail) sent to the company, asking them to protect their site and informing them that if they don't, it will be listed in the Hall of Shame. [But if you are lazy, just send me e-mail.] Please also send me any responses from the company.
The following individuals have contributed entries: Yehuda Lindell, Libby Berkovitz, Ricardo Camba and Aviv Sinai. Thanks!!
Notes: