Sainsbury’s Bank’s website still relies on insecure cryptography protocols that more security-conscious organisations have abandoned as obsolete. The UK supermarket-owned bank’s “secure” site rates an “F” in tests using the industry-standard Qualys SSL Labs service, chiefly because of its support for protocols that security experts reckon are well past their sell-by date. “Shocking really: RC4, SHA-1 cert and other issues,” Mal M, the Reg reader who brought the issue to our attention, commented. “Someone there should be beaten to a pulp with a keyboard.” The practical upshot here is that Sainsbury’s Bank is not following industry best practice, creating an added risk as a result, not that customer details have been exposed, much less leaked. This class of security risk is one that other UK banks, among other organisations, have had issues with in the past.
ORIGINAL SOURCE: The Register