<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=CA link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi everybody,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>La Caixa is the biggest savings bank in Europe, yet it is still possible to log in from a non-encrypted address! Click <a href="http://portal.lacaixa.es/home/particulars_ca.html">here</a> to verify this. Therefore, it is possible for hackers to steal user and password information and see account information from users. Although wire transfers and other operations are subject to a secondary layer of passwords, and obviously after logging in the connection becomes https so these passwords wouldn’t be easily stolen, it would still be possible to do some social engineering calling the bank while seeing all the account information. Anyways, the fact that somebody can see other people’s account information is grave enough.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><ruleset name="Caixa d'Estalvis i Pensions de Barcelona (La Caixa)"><o:p></o:p></p><p class=MsoNormal> <target host="lacaixa.es" /><o:p></o:p></p><p class=MsoNormal> <target host="*.lacaixa.es" /><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <rule from="^http://lacaixa\.es/" to="https://lacaixa.es/"/><o:p></o:p></p><p class=MsoNormal> <rule from="^http://([^/:@]*)\.lacaixa\.es/" to="https://$1.lacaixa.es/"/><o:p></o:p></p><p class=MsoNormal></ruleset><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>I am no programmer or techie, just an advanced user interested in security.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=ES-TRAD style='color:#1F497D;mso-fareast-language:CA'>Israel Planagumŕ<o:p></o:p></span></p><p class=MsoNormal><span lang=ES-TRAD style='color:#1F497D;mso-fareast-language:CA'><a href="mailto:israelplanaguma@gmail.com"><span style='color:blue'>israelplanaguma@gmail.com</span></a><o:p></o:p></span></p><p class=MsoNormal><span lang=ES-TRAD style='color:#1F497D;mso-fareast-language:CA'>+34 600753860<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>