I have a few credit cards. One of them I pay online at chase.com. I have noticed that when you submit your user/password, you are submitting them to an SSL session however the login form is not served from within an SSL session. Since you are not within an SSL session when you are entering the credentials, is your data still safe?
This seems to be the only instance I have ever seen of a site that uses SSL where the actual login form is not served from within the SSL session.
This seems to be the only instance I have ever seen of a site that uses SSL where the actual login form is not served from within the SSL session.