[AusNOG] AU Major Banks and SHA-1

Scott Howard scott at doc.net.au
Fri Jun 26 08:23:23 EST 2015


You forgot to mention:

Westpac - maximum 6 digit passwords for Internet Banking. No special
characters allowed.  No upper/lower case distinction. (But at least it's
better than their 3 digit phone PINs)

SSL is pretty much the least of Westpac's problems when it comes to Internet
Banking security...

  Scott



On Thu, Jun 25, 2015 at 3:14 PM, Matthew Moyle-Croft <mmc at mmc.com.au> wrote:

> We've all been distracted by the large scale crazy of site blocking, meta
> data retention and whatever else the Australian Government is doing.
>
> But need to focus on some basics:
>
> SHA-1 is on its way out (see
> http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
> ).
>
> Friend got a warning for his bank (not Australian) from Chrome about bad
> SSL configs, so I went and had a quick look at the big 4 banks in Australia
> to see what's up.
>
> Commbank - got it right - no SHA-1 for home page or Internet Banking, no
> TLS 1.0
> ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh boy!)
> NAB -  no SSL on home page, TLS 1.2 and SHA-1 for internet banking
> Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
>
> Anyone here who can influence good internet crypto for the 3 that aren't
> quite there?
>
> MMC