To Times of India Editor:
Saw an article in the technology section of the TOI physical news paper on 17th April, 2014 about HeartBeat and SSL, it has lists of banks and other websites and the results from some tool.
Would be good if they update the website with note on banks, instead of just pulling the article.
The main domain of the banks like hdfcbank.com or icicibank.com when anyone who has used netbanking and looked a the address bar should know that the domain changes. and with that the certificate so for example icici is https://infinity.icicibank.co.in and HDFC is https://netbanking.hdfcbank.com/ why the difference - i dont know just the way it was implemented - maybe can change the link without affecting the main site. someone did it years back and just continued. with a sub domain can even have a different IP/ web server, more clustering options. And a sub domain needs a different certificate; so they put the grand security on this and the main site that is just links, marketing & help content.
Is incorrect to say icici has no ssl, please add this note that the sub domains where net banking happens does have (after testing it). I don't work for a bank nor a share holder but know something about server tech.
Really makes you think how much of what you report is true and how much is just ignorant, under researched or a way of getting back to people who are not advertising enough? Maybe vet these articles by paying tech savvy people to proof read first?
