Reply to post: Good article. Maybe this will help them?

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

simon@simonrosephotography.co.uk

Good article. Maybe this will help them?

I too have had concerns over the security of banking websites. I'd tested Santander with SSLLabs a while back and it scored badly. It was near impossible to get anyone at the bank to listen to me, although it does look like they are listening now as the score has improved. Conversely, I reported similar SSL vulnerabilities to my investment platform (AJ Bell) and had a phone call back almost immediately from their Security Officer thanking me for my concerns and assuring me they'd address them. They fixed the issues within a week. Kudos to them.

So, it can be done, and HSTS is really simple to implement too.

El Reg, maybe forward them all this article from the renowned Troy Hunt?

https://www.troyhunt.com/the-6-step-happy-path-to-https/


Biting the hand that feeds IT © 1998–2019