Payment / Banking sites with vulnerable SSL issues
Although there are official compliance and policies that every financial institution must use strongly encrypted channels for sensitive information transfer, we have been seeing the use of relatively less stronger encryption cipher strengths and unpatched flaws such as SSL Renegotiation Bug in payment /banking related sites depending on the countries/IPs they're hosted.
To make concerned people aware of the issues, we've prepared a list of some vulnerable banking sites snapshot via ssl labs.
Rating A but vulnerable to SSL Renegotiation Attack
Barclays Bank UK ibank.barclays.co.uk
UOB Bank pib.uob.com.sg
OCBC Bank ocbc.com
HSBC Bank US us.hsbc.com
HSBC Bank UK hsbc.co.uk
Ever Bank www.everbank.com
NatWest Bank natwestibanking.com
Citizens Bank citizensbankonline.com
Summit Bank summitbankdirect.com
Tai Fung Bank taifungbank.com
United One Credit Union - www.unitedone.org
eAdvantage Internet Banking cib-maintpg.ibanking-services.com
Isle of MAN Bank www.iombankibanking.com
RBS International Bank www.rbsiibanking.com
Peoples National Bank cibng.ibanking-services.com
CIMB Bank (SG) cimbclicks.com.sg
BB&T CashManager business-eb.ibanking-services.com
Nets (SG) www.nets.com.sg
Rating B [Weak Cipher Support+SSL Renegotiation]
HSBC Bank HongKong hsbc.com.hk
Zion Bank www.zionsbank.com
Discover Bank www.discoverbank.com
MilliKart Bank millikart.az
Rating C [Weak Cipher Support]
Bank Of America www.bankofamerica.com
Deutsche Bank India Branch login.deutschebank.co.in
Reg CIMB Bank (Thai) cimbthai.com
Hume Building Society - humebuild.com.au
Standard Chartered Online Banking standardchartered.com.sg
St. George Bank stgeorge.com.au
Rating D [Weak Cipher/Protocol/KeyStrength Support]
Bangkok Bank ibanking.bangkokbank.com
Mutual Trust Bank mutualtrustbank.com
Leon Bank www.leon.com.do
War Wick Credit Union warwickcreditunion.com.au
Comments
Post a Comment