back to article Lloyds TSB certificate glitch sparks concerns

Online banking customers logging onto the Lloyds TSB website on Friday morning were confronted by potentially confusing warnings about a security certificate. Consumers were greeted with a "website certified by an unknown authority" pop-up message for *.clickshift.com after accessing online.lloydstsb.co.uk. certificate …

COMMENTS

This topic is closed for new posts.
  1. Pete Sowerby

    Noticed that this morning

    Noticed it clicked cancel and bailed straight out as computer was running slow as well. Just in case. But glad to know it wasn't just me!

  2. Dillon Pyron

    Even worse

    There was a "high value"* investment service, that I can't name because of NDA, that issued its own certificate. They said that was okay, they just told their customers to accept it. So I issued my own certificate, hacked the site (Code Red days) and did some phishing, back before it was popular.

    They bought a certificate from Verisign.

    * high value - net worth in excess of $10M

  3. Peter Fairbrother

    Cookies and ... security?

    I just accessed my Lloydstsb account after cleaning all cookies. I got cookies from:

    clickshift.com

    doubleclick.net

    lloydstsb.com

    mi.lloydstsb.com

    server.lon.liveperson.net

    statse.webtrendslive.com

    WTF??? Lloydstsb securty or privacy policy has gone straight into the shi**er. What are the morons playing at?

    BTW I then did the same for El Reg, and got cookies from::

    nir.regaccount.com

    medialex.com

    imrworldwide.com

    hmmm...

  4. Anonymous Coward
    Anonymous Coward

    Lloyds TSB Cookies

    I have been unable to login to LloydsTSB, without selecting the "Allow Session Cookies" check box (Tools..Internet Options..Privacy...Advanced) since IE7 was installed. I rang Lloyds help desk and was told that they hadn't done any testing on IE7 so couldn't solve the problem. Fact is I use a program called CookiePal to control cookies. Anyway I seem to have resolved the problem by adding mi.lloydstsb.com as an acceptable cookie in the CookiePal program. What surprised me is the number of "non" lloyds cookies that are offered during login. I don't expect my bank to force unwanted ad-cookies onto my system.

  5. Anonymous Coward
    Anonymous Coward

    Warning overrides toss SSL's security

    This "unknown issuer" warning is caused by a simple server configuration error that is trivial for the server administrator to fix.

    How sad that a financial institution would advise (and hence train) their customers to ignore this vital browser warning and thereby defeat the security that SSL otherwise provides those users, instead of getting their business partner to correct the server misconfiguration!

    These "unknown issuer" warnings are the very same warnings that the browser gives if it is visiting an ATTACKER's web site. Users ignore (and override) that warning at their own peril! Responsible server administrators will do the necessary things within their power to prevent their users from experiencing those errors.

  6. Mark Giles

    I've been unable to access Lloyds TSB (even the www.lloydstsb.com) since 27 April

    I can't load the log-on page in either Firefox OR I.E. Neither can I access the basic www.lloydstsb.com.

    I've phoned the lloyds tsb online helpdesk, who talked me through a complete deletion of cookies, histories etc, but no good.

    They've also suggested I contact my ISP, (Madasafish).

    Is anyone else still experiencing problems, please?

    Mark

This topic is closed for new posts.

Other stories you might like