How secure is your bank (UK Edition)?


How about this one?

https://www.ssllabs.com/ssltest/analyze.html?d=ib.nab.com.au

At this point nobody considers RC4 to be secure, and there are known attacks against SSL3 that make any server using it fundamentally insecure too (and TLS 1.0 might have the same flaw, so even then anything less than TLS 1.1 is insecure).

And the way AES is implemented in TLS isn't secure either, unless you're using GCM cipher modes.

I start work with one of these banks, and it's in relation to their digital banking systems.

Let's see how long it takes me to get that F grade higher lol

I thought mine would be a few page scrolls down in the ratings. My expectations were met.

The only thing I can think is that most of these checks are done on the top-level domain. The actual backing servers would have to comply with more regulations, etc. Just a thought. Informative though, because it does give a good indication of what the bank is like.

You're absolutely right, John. This is just a test of the connection between an end user (via their browser; it does not include apps, etc.) and the bank.

Although I would hope that all banks would aim for the best security possible. That said... There is another secure UK investment institution...

Nutmeg - A

https://www.ssllabs.com/ssltest/analyze.html?d=nutmeg.com&s=54.229.100.254&latest

This is how it is done.

We should start doing government sites and other public sector sites and post them here, and maybe why you posted them, so if you say you use it a lot.

How about this one?

https://www.ssllabs.com/ssltest/analyze.html?d=ib.nab.com.au

At this point nobody considers RC4 to be secure, and there are known attacks against SSL3 that make any server using it fundamentally insecure too (and TLS 1.0 might have the same flaw, so even then anything less than TLS 1.1 is insecure).

And the way AES is implemented in TLS isn't secure either, unless you're using GCM cipher modes.

And they've now barred their site from testing, says a lot, hehe.

We should start doing government sites and other public sector sites and post them here, and maybe why you posted them, so if you say you use it a lot.

Gov.uk - A

https://www.ssllabs.com/ssltest/analyze.html?d=www.gov.uk&s=199.27.79.144

It would appear they know what they are doing better than most banks!

Santander - C

https://www.ssllabs.com/ssltest/analyze.html?d=retail.santander.co.uk

Supports RC4 but also orders the cipher suites badly, resulting in RC4 being used in modern browsers instead of a more secure alternative. This downgrades Santander from B to C (NOTE: from September onwards this may result in a downgrade to an F).

This combined with the poor way they implement authentication during log-on (no two-factor auth using bank card, instead requiring a phone code to do certain tasks) isn't great...

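The cipher-suite ordering problem described in the Santander post above, as an added example that is not part of the original thread: when the server's preference order is honoured, the first server-listed suite the client also offers is selected, so RC4 listed first wins even when AES-GCM is mutually supported. The suite lists are constructed for illustration, and `negotiate`, `audit` and `is_rc4` are hypothetical helper names.

```python
"""Added example: why server cipher-suite order decides whether RC4 is negotiated."""

# Constructed suite lists (IANA-style names); not taken from any real server scan.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]
SERVER_BAD_ORDER = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
SERVER_FIXED_ORDER = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


def is_rc4(suite):
    return "_RC4_" in suite


def negotiate(server_order, client_offer, server_preference=True):
    """Return the first mutually supported suite, walking the preferred side's list."""
    first, second = (server_order, client_offer) if server_preference else (client_offer, server_order)
    allowed = set(second)
    for suite in first:
        if suite in allowed:
            return suite
    return None  # no common suite: the handshake would fail


def audit(server_order, client_offer):
    """Return (negotiated suite, findings) for one server list and one client offer."""
    findings = []
    rc4 = [s for s in server_order if is_rc4(s)]
    if rc4:
        findings.append("RC4 enabled: " + ", ".join(rc4))
    chosen = negotiate(server_order, client_offer)
    if chosen and is_rc4(chosen):
        better = [s for s in client_offer if s in server_order and not is_rc4(s)]
        if better:
            findings.append(f"RC4 negotiated although {better[0]} is mutually supported")
    return chosen, findings
```

Running `audit(SERVER_BAD_ORDER, CLIENT_OFFER)` and `audit(SERVER_FIXED_ORDER, CLIENT_OFFER)` side by side shows the same client ending up on RC4 or on AES-GCM purely because of the server's list.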
