[AusNOG] AU Major Banks and SHA-1

Matthew Moyle-Croft mmc at mmc.com.au
Fri Jun 26 08:14:05 EST 2015


We've all been distracted by the large scale crazy of site blocking, meta
data retention and whatever else the Australian Government is doing.

But need to focus on some basics:

SHA-1 is on it's way out (see
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
).

Friend got a warning for his bank (not Australian) from Chrome about bad
SSL configs, so I went and had a quick look at the big 4 banks in Australia
to see what's up.

Commbank - got it right - no SHA-1 for home page or Internet Banking, no
TLS 1.0
ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh boy!)
NAB -  no SSL on home page, TLS 1.2 and SHA-1 for internet banking
Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking

Anyone here who can influence good internet crypto for the 3 that aren't
quite there?

MMC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150625/a43fbbd5/attachment.html>


More information about the AusNOG mailing list