HDFC encourage spoofing

Sunil has a very good post titled “Banks that encourages spoofing”:

“bank’s online banking facility does not tell their users to follow these practices anywhere on their site, placing them among the hordes of other high-security-claiming insecure sites. This is not a big deal as most other secure sites are that way. But what is different about this bank (HDFC) is that they try to make sure you never follow these practices even if you know these practices. When we go to the main page of their site and click on netbanking, they open a popup without an address bar. Now how does one know that this is the site they have intended to use? It does not now matter if the site is secure because a person who has spoofed the page can also have his own SSL certificate and hence establish a secure connection (don’t tell me it will be difficult to obtain one).”
