<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>There was the following article playing a name and shame game <br><a href="http://www.troyhunt.com/2015/05/do-you-really-want-bank-grade-security.html?m=1">http://www.troyhunt.com/2015/05/do-you-really-want-bank-grade-security.html?m=1</a></div><div><br></div><div><br><span style="background-color: rgba(255, 255, 255, 0);">--</span><div><span style="background-color: rgba(255, 255, 255, 0);">Shain Singh</span></div><div><a href="tel:+61%20422%20921%20951" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="0" style="font-size: 13pt; background-color: rgba(255, 255, 255, 0);"><font color="#000000">+61 422 921 951</font></a></div><div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">// sent from mobile device</span></div></div></div><div><br>On 26 Jun 2015, at 8:14 am, Matthew Moyle-Croft <<a href="mailto:mmc@mmc.com.au">mmc@mmc.com.au</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div>We've all been distracted by the large scale crazy of site blocking, meta data retention and whatever else the Australian Government is doing.</div><div><br></div><div>But need to focus on some basics:</div><div><br></div><div>SHA-1 is on it's way out (see <a href="http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html">http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html</a>).<br></div><div><br></div><div>Friend got a warning for his bank (not Australian) from Chrome about bad SSL configs, so I went and had a quick look at the big 4 banks in Australia to see what's up.</div><div><br></div><div>Commbank - got it right - no SHA-1 for home page or Internet Banking, no TLS 1.0</div><div>ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh boy!)</div><div>NAB - no SSL on home page, TLS 1.2 and SHA-1 for internet banking</div><div>Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking</div><div><br></div><div>Anyone here who can influence good internet crypto for the 3 that aren't quite there? </div><div><br></div><div>M</div></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>AusNOG mailing list</span><br><span><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a></span><br><span><a href="http://lists.ausnog.net/mailman/listinfo/ausn">http://lists.ausnog.net/mailman/listinfo/ausn</a></span></div></blockquote></body></html>