I just found out some very disturbing news. Even after a “major systems upgrade,” our bank is still running its online banking system from Microsoft Windows machines running the known to be insecure IIS web server. And I’ve been sending my login credentials to this system for years, and even making transfers between accounts and paying bills from this insecure online banking system. It’s easy to see that ssl encryption is no guarantee of security, especially when viruses can easily destroy and compromise sensative personal and financial information stored on the underlying operating system and web server infrastructure. I urge everyone to check the http headers and served files on your banking website, or the website of the bank you are thinking of doing business with in the future. If you see asp or aspx in the address bar in your browser, or if you see “Microsoft IIS” or anything similar in the http headers, run the other way, or don’t do your online banking from their website. Also, if this is your current bank, try to call or message them. Do your best to get someone on the phone or in an e-mail or secure message conversation who can determine policy at the bank, and try to convince them that their insecure online banking system could cause unintentional harm to their customers and their account information and other personal financial data. I would recommend convincing their IT department or whoever works with the online banking system to migrate to a Unix-like operating system such as Linux or FreeBSD. It is much easier to keep these systems up and running, and it is much easier to keep them properly secured against viruses and other malicious attempts to compromise personal data or even the underlying operating system.