[AusNOG] AU Major Banks and SHA-1

shain.singh at gmail.com shain.singh at gmail.com
Fri Jun 26 09:13:56 EST 2015


There was the following article playing a name and shame game 
http://www.troyhunt.com/2015/05/do-you-really-want-bank-grade-security.html?m=1


--
Shain Singh
+61 422 921 951

// sent from mobile device

> On 26 Jun 2015, at 8:14 am, Matthew Moyle-Croft <mmc at mmc.com.au> wrote:
> 
> We've all been distracted by the large scale crazy of site blocking, meta data retention and whatever else the Australian Government is doing.
> 
> But need to focus on some basics:
> 
> SHA-1 is on it's way out (see http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html).
> 
> Friend got a warning for his bank (not Australian) from Chrome about bad SSL configs, so I went and had a quick look at the big 4 banks in Australia to see what's up.
> 
> Commbank - got it right - no SHA-1 for home page or Internet Banking, no TLS 1.0
> ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh boy!)
> NAB -  no SSL on home page, TLS 1.2 and SHA-1 for internet banking
> Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
> 
> Anyone here who can influence good internet crypto for the 3 that aren't quite there?  
> 
> M
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150626/5dd89ed1/attachment.html>


More information about the AusNOG mailing list