Banks up to their usual indifference to security again.

Well, it’s 2013 and after 2012 complaints on Banks you would have thought they might be a little more careful with our money.

Well, if you thought that. You would be mistaken.

I received a Letter from NatWest with my On-Line token and log in. As I never asked for this. I expected that some fraud was afoot.

I then sent a secure e-mail to NatWest to confirm that this was an error on their part. Only to received a letter back stating that they thought it was a great idea to send these out to all customers. Even though they hadn’t requested them!

After they state that ‘YOU‘ should be careful not to disclose any of your information, Pins Statements etc.  They seem not to be concerned that these couple of 100,000 letters couldn’t be intercepted?

No doubt it would be my fault that these details became available to 3rd parties. Even when I may not have received the letter.

This letter shouldn’t have been sent out unless specifically requested by me.

Insecure TLS 1.0 being used.

These guys are still using a 1.0 TLS system that has been shown to be able to compromise over 7 years ago.

So, next time you visit any site with a Key. Look at its properties. Most of the Finance community have not implemented the TLS 1.2 which is secure. Google has taken notice. So, pat on the back for their technical crew.

Have a nice day…….

 

 

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

 

 

About tagware

I've worked in IT for over 30 years. As the owner of one of the earlier AutoDesk Dealerships, when Richard Handyside was the main UK guy in The Cut! We supplied complete CAD, Networks and visualisation systems to Corporate clients such as RIBAS, Channel 4, NHS, BBC, Merrill Lynch, COMET Plc, Morgan Stanley too mention a few. We also developed the graphical ADB system for the Department of Health and a graphically lead Asset system for Merrill Lynch. Subsequently became a contract IT Consultant in both Developement and Production area's for both Large and small businesses. Which is what I'm still doing.
This entry was posted in Banking and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.