Payment / Banking sites with vulnerable SSL issues

Although official compliance requirements and policies state that every financial institution must use strongly encrypted channels for sensitive information transfer, we have been seeing relatively weaker encryption cipher strengths and unpatched flaws such as the SSL Renegotiation Bug on payment/banking-related sites, depending on the countries/IPs where they're hosted.

To make concerned people aware of the issues, we've prepared a list of some vulnerable banking sites, snapshotted via SSL Labs.

Rating A but vulnerable to SSL Renegotiation Attack
Barclays Bank UK ibank.barclays.co.uk
UOB Bank pib.uob.com.sg
OCBC Bank ocbc.com
HSBC Bank US us.hsbc.com
HSBC Bank UK hsbc.co.uk
Ever Bank www.everbank.com
NatWest Bank natwestibanking.com
Citizens Bank citizensbankonline.com
Tai Fung Bank taifungbank.com
United One Credit Union www.unitedone.org
eAdvantage Internet Banking cib-maintpg.ibanking-services.com
Isle of Man Bank www.iombankibanking.com
RBS International Bank www.rbsiibanking.com
Peoples National Bank cibng.ibanking-services.com
CIMB Bank (SG) cimbclicks.com.sg
Nets (SG) www.nets.com.sg

Rating B [Weak Cipher Support + SSL Renegotiation]
HSBC Bank Hong Kong hsbc.com.hk
Discover Bank www.discoverbank.com
MilliKart Bank millikart.az

Rating C [Weak Cipher Support]
HSBC Main Site www.hsbc.com (vulnerable to SSL Renegotiation Attack)
Bank Of America www.bankofamerica.com
Deutsche Bank India Branch login.deutschebank.co.in
RBS (Romania) ibanking.rbs.ro (vulnerable to SSL Renegotiation Attack)
Reg CIMB Bank (Thai) cimbthai.com
Bhutan National Bank bnb.com.bt (vulnerable to SSL Renegotiation Attack)
Hume Building Society humebuild.com.au
Standard Chartered Online Banking standardchartered.com.sg
St. George Bank stgeorge.com.au

Rating D [Weak Cipher/Protocol/KeyStrength Support]
Mutual Trust Bank mutualtrustbank.com
Leon Bank www.leon.com.do
Warwick Credit Union warwickcreditunion.com.au
Oriental Bank www.obconline.co.in
