[HTTPS-E Rulesets] rules for La Caixa

Israel Planagumà israelplanaguma at gmail.com
Wed Feb 2 14:28:54 PST 2011


Hi everybody,

La Caixa is the biggest savings bank in Europe, yet it is still possible to
log in from a non-encrypted address! Click here
<http://portal.lacaixa.es/home/particulars_ca.html> to verify this.
Therefore, it is possible for hackers to steal user and password information
and see account information from users. Although wire transfers and other
operations are subject to a secondary layer of passwords, and obviously
after logging in the connection becomes https so these passwords wouldn’t be
easily stolen, it would still be possible to do some social engineering
calling the bank while seeing all the account information. Anyways, the fact
that somebody can see other people’s account information is grave enough.

<ruleset name="Caixa d'Estalvis i Pensions de Barcelona (La Caixa)">
  <target host="lacaixa.es" />
  <target host="*.lacaixa.es" />

  <rule from="^http://lacaixa\.es/" to="https://lacaixa.es/"/>
  <rule from="^http://([^/:@]*)\.lacaixa\.es/" to="https://$1.lacaixa.es/"/>
</ruleset>

I am no programmer or techie, just an advanced user interested in security.

Israel Planagumà

israelplanaguma at gmail.com

+34 600753860
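
The ruleset from the message above, exercised against sample URLs, as an added example that is not part of the original post and is not HTTPS Everywhere's own code. The attribute extraction and wildcard target matching are simplified assumptions, and every sample URL except the portal page linked in the message is constructed.

```javascript
// Ruleset text copied from the message above.
const RULESET_XML = String.raw`
<ruleset name="Caixa d'Estalvis i Pensions de Barcelona (La Caixa)">
  <target host="lacaixa.es" />
  <target host="*.lacaixa.es" />
  <rule from="^http://lacaixa\.es/" to="https://lacaixa.es/"/>
  <rule from="^http://([^/:@]*)\.lacaixa\.es/" to="https://$1.lacaixa.es/"/>
</ruleset>`;

// Minimal attribute extraction; adequate for this flat ruleset, not a general XML parser.
function parseRuleset(xml) {
  const targets = [...xml.matchAll(/<target\s+host="([^"]*)"/g)].map(m => m[1]);
  const rules = [...xml.matchAll(/<rule\s+from="([^"]*)"\s+to="([^"]*)"/g)]
    .map(m => ({ from: new RegExp(m[1]), to: m[2] }));
  return { targets, rules };
}

// Assumption: a leading "*." target matches any subdomain of the suffix.
function hostMatches(host, target) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Returns the rewritten URL, or the input unchanged when no target or rule applies.
function rewrite(url, ruleset) {
  let host;
  try { host = new URL(url).hostname; } catch { return url; }
  if (!ruleset.targets.some(t => hostMatches(host, t))) return url;
  for (const rule of ruleset.rules) {
    if (rule.from.test(url)) return url.replace(rule.from, rule.to);
  }
  return url;
}

const RULESET = parseRuleset(RULESET_XML);

// Constructed inputs, except the portal URL, which is the one linked in the message.
const SAMPLES = [
  "http://lacaixa.es/",
  "http://portal.lacaixa.es/home/particulars_ca.html",
  "https://portal.lacaixa.es/home/particulars_ca.html", // already HTTPS: unchanged
  "http://portal.lacaixa.es:8080/",  // explicit port: rule needs "/" right after ".es"
  "http://lacaixa.es.example.com/",  // look-alike host: no target matches
  "http://user@portal.lacaixa.es/",  // userinfo: excluded by [^/:@]
];
for (const u of SAMPLES) console.log(u, "->", rewrite(u, RULESET));
```

URLs with an explicit port or a userinfo part are left on plain HTTP by these two rules, so a reviewer of the ruleset should decide whether that coverage gap matters for the site.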

 
