Banks up to their usual indifference to security again.

Well, it’s 2013, and after the 2012 complaints about banks you would have thought they might be a little more careful with our money.

Well, if you thought that, you would be mistaken.

I received a letter from NatWest with my on-line token and log-in. As I never asked for this, I expected that some fraud was afoot.

I then sent a secure e-mail to NatWest to confirm that this was an error on their part, only to receive a letter back stating that they thought it was a great idea to send these out to all customers, even though they hadn’t requested them!

After they state that ‘YOU’ should be careful not to disclose any of your information, PINs, statements etc., they seem not to be concerned that these couple of 100,000 letters could be intercepted.

No doubt it would be my fault that these details became available to 3rd parties, even when I may not have received the letter.

This letter shouldn’t have been sent out unless specifically requested by me.

Insecure TLS 1.0 being used.

These guys are still using a TLS 1.0 system, which was shown to be compromisable over 7 years ago.

So, next time you visit any site with a key, look at its properties. Most of the finance community have not implemented TLS 1.2, which is secure. Google has taken notice, so a pat on the back for their technical crew.

Have a nice day…….

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
