[HTTPS-E Rulesets] rules for La Caixa
Seth David Schoen
schoen at eff.org
Mon Feb 7 11:43:59 PST 2011
Israel Planagumà writes:
> Hi everybody,
>
> La Caixa is the biggest savings bank in Europe, yet it is still possible to
> log in from a non-encrypted address! Click here
> <http://portal.lacaixa.es/home/particulars_ca.html> to verify this.
Thanks!
What I found particularly amazing was that if you _SUBMIT_ the login form,
you get an HTTPS page with mixed content. It seems like this bank hasn't
learned to implement HTTPS properly yet.
Your rule seemed to fix what I could see on their site, including the mixed
content problems, although I don't have an account with this bank so I can't
test very much functionality.
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-Everywhere-Rules
mailing list