Researcher warns that banking sites are insecure
Johannes Ullrich, chief research officer for the SANS Institute, warns that online banking sites may be needlessly endangering their customers by making users log in over the HTTP protocol rather than its more secure version, HTTPS. HTTPS uses the Secure Sockets Layer (SSL) protocol to encrypt data and to check digital certificates, which would allow banking customers to authenticate the bank's website. Banks can still encrypt login sessions with HTTP, but customers cannot be certain they are not logging into a spoofed site. Ullrich argues that banks have no reason not to use SSL for logins. Some banks offer SSL as an option, but make it hard to find.
See also: http://isc.sans.org/diary.php?storyid=1277