From: "Geo." 

Why is this surprising, do you know anyone who has had their CC info stolen
because they weren't using an SSL connection? It's far more likely that
they are using SSL but to the wrong website.. (phishing)

Geo.

"Mike N."  wrote in message
news:562lv2hnm8b0sij5kan6167va7orp64070{at}4ax.com...
> It's hopeless - web designers have ruined web surfers by putting those
> stupid locks on the web page itself.  As a result, people have been
> trained
> not to even check the SSL lock.
>
> http://people.deas.harvard.edu/~rachna/papers/emperor-security-indicators-ban
k-sitekey-phishing-study.pdf
>
> "We evaluate website authentication measures that are
> designed to protect users from man-in-the-middle, 'phishing',
> and other site forgery attacks. We asked 67 bank
> customers to conduct common online banking tasks. Each
> time they logged in, we presented increasingly alarming
> clues that their connection was insecure."
>
>  My only observation is that there is a bit of the starving college
> student wanting to 'complete their assignment'.      Even so, it is still
> quite astonising.

--- BBBS/NT v4.01 Flag-5