WebApp Sec mailing list archives

Re: TrustBar and insecure sites of PayPal, MS Passport, Yahoo!, Chase, ...


From: "David Wall @ Yozons, Inc." <dwall () yozons com>
Date: Tue, 26 Oct 2004 10:06:17 -0700

> PayPal redirects to SSL site once you hit the `log in` link, but it also
> asks users for userid and password directly at its (unprotected) homepage,
> http://www.paypal.com.

This doesn't hold true for me.  If I type in www.paypal.com or paypal.com
into my browser, it redirects to HTTPS right away.

Also, SSL for the login page itself is technically not needed.  It's where
it POSTs to that matters.  Security is confusing and I agree that making
things more explicit is better.

David

