[AusNOG] AU Major Banks and SHA-1
shain.singh at gmail.com
shain.singh at gmail.com
Fri Jun 26 09:13:56 EST 2015
There was the following article playing a name and shame game
http://www.troyhunt.com/2015/05/do-you-really-want-bank-grade-security.html?m=1
--
Shain Singh
+61 422 921 951
// sent from mobile device
> On 26 Jun 2015, at 8:14 am, Matthew Moyle-Croft <mmc at mmc.com.au> wrote:
>
> We've all been distracted by the large scale crazy of site blocking, meta data retention and whatever else the Australian Government is doing.
>
> But need to focus on some basics:
>
> SHA-1 is on it's way out (see http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html).
>
> Friend got a warning for his bank (not Australian) from Chrome about bad SSL configs, so I went and had a quick look at the big 4 banks in Australia to see what's up.
>
> Commbank - got it right - no SHA-1 for home page or Internet Banking, no TLS 1.0
> ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh boy!)
> NAB - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
> Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
>
> Anyone here who can influence good internet crypto for the 3 that aren't quite there?
>
> M
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150626/5dd89ed1/attachment.html>
More information about the AusNOG
mailing list