Table of contents
What are you thinking of? A honeypot that redirect mybank.com to a hacker controlled domain such as myb4nk.com, hoping the user doesn't realize the redirection? It could potentially work but that seems like a lot of work just to target random people on a public wifi hoping that they visit one of the domains you spoofed. Source: over 1 year ago
So how does the browser extension/plugin decide which usernames/passwords to show you? It decides based on the URL -- this assumes that you gave the password manager the correct URL for each entry (e.g., for my bank I would give it https://mybank.com). Source: over 1 year ago
Without deep inspection, the Fortigate will see: https://mybank.com. Source: over 1 year ago
So if you go to https://mybank.com, the DNS lookup is done via the VPN provider. Source: over 1 year ago
IE instead of asking me to log on to mybank.com it asked me to logon to e.mybank.com. Source: over 2 years ago
It does, and it does this as the default behavior. If mybank.com wants to allow somewhereshady.com, then it must explicitly do so. In other words, by default your browser will prevent somewhereshady.com from calling mybank.com, unless mybank.com has configured its site to allow traffic from mybank.com. Source: over 2 years ago
Imagine you open your browser to www.somewhereshady.com. You load the page and it tries to run some javascript that does some nasty things. Let's say it tries to access your email or your bank using cookies or other information you have saved/input in your browser. Without CORS, it would be able to do those things. CORS is a mechanism that prevents somewhereshady.com from making calls to mybank.com, unless... Source: over 2 years ago
I do not want to trust anyone by myself. Of course I use come common sense: while I might or might not connect to my bank when I connect to https://mybank.com, they do 2FA, so I take my chances here. If they are not mybank, then cannot log me in and they cannot use the login information I just sent them (if 2FA is done right and I entered the URI). Source: over 2 years ago
In our console we're able to whitelist or add exceptions for sites which allow them to pass right through and they receive their valid certificate, such as whitelisting https://mybank.com instead of the certificate signed by my org I would see the certificate signed by mybank . We've had lots and lots of weird quirky stuff because of this SSL stuff, it makes it really annoying to troubleshoot as well because our... Source: over 2 years ago
When you visite a HTTPS web site, like https://mybank.com/, the proxy will put itself in the middle. It will establish a HTTPS connection with your browser generating on the fly a certificate for mybank.com. It will replay (and possibly monitor or log) all you traffic on a new connexion, from the proxy to mybank.com. Source: over 2 years ago
Web security is based in part on the concept that websites are signed with certificates that your web browser can verify are not fraudulent. Someone on a public wifi network could try to intercept all of the traffic to mybank.com and redirect it to their fake bank instead. But your web browser will catch that, and it will warn you. You'll get an error like this:. Source: almost 3 years ago
Do you know an article comparing MyBank to other products?
Suggest a link to a post with product alternatives.
This is an informative page about MyBank. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.
