I have been a memeber of NFCU since I joined the US Navy 20 plus years ago. And I hate to say that I have used their site on a daily basis and never once noticed the issue with the home page being unsecure. While the login information is sent secure once you have clicked on the submit button, the page itself is not. Therefore as Scott Jarkoff states this site is ripe for a phising scam.
When I visted the site today after reading the article I noticed a new “Security” link under the logon area. Clicking the link brings up a pop up window which goes about stating the Home Page is not secured by HTTPS but that the information entered is transmitted securely. Security FAIL!
A user can access a secure NFCU logon site by leaving the logon information blank and clicking the submit button, which drops you on to the expected HTTPS secure log on.
Read the whole post as well as a demand from RSA, which oversees NFCU security.
