the unresponsive nature of monopolies

[IP] It seems that even "secure" financial transactions with InternetExp:

[An exploit that uses IE] watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries. When an outbound HTTPS connection is made to such a URL, the BHO then grabs any outbound POST/GET data from within IE before it is encrypted by SSL. When it captures data, it creates an outbound HTTP connection to http://www.refestltd.com/cgi-bin/yes.pl and feeds the captured data to the script found at that location.
There are only two choices left with IE: Either don’t browse the web with it, or don’t use it for financial transactions.

The post goes on to list the URLs for Opera, Mozilla, and Firefox as options for Windows users.

This is really bad. All the effort spent building trust in secure transactions and the security of an online marketplace is at risk. And of course the well-crafted Windows EULA disclaims any responsibility for any harm or loss stemming from the use of their products. I wonder how this affects websites who may lose trade as a result of people opting out of shopping online?


Of course, later in the day, I realized that the legal policy center I worked at most of last year would be interested in this, having been constituted to look at issues at the convergence of law, commerce and technology. But then, they were bankrolled with 1 million dollars in MSFT money and were actively looking for more when I left: I suspect this might be too hot to handle, even if they were interested. They gave an award to Judge Betty Fletcher of the Ninth Circuit last year, for her work in freeing public key cryptography and making online commerce possible.
