Bank Website “Not Verified” says Chrome

chasenotverified  Chase.com not verified

commercialhsbcnotverified  Commercial.hsbc.hk not verified (Hong Kong)

pncverified pnc verified.

 

Here are Three examples when clicking on the lock to the left of the URL  in the browser   … example image follows:

wheretoclickonChrome

Notice where the cursor is hovering : to the left of the URL (https://www.chase.com)

Notice the Not verified examples are websites that have older cryptology technology on the website (TLS 1.0 and TLS1.2)

 

I found a few websites with faulty TLS encryption protocols on the webserver after reading this article: http://www.zdnet.com/article/chrome-security-us-banks-hsbc-chase/  (from the Zero Day Blog link)

 

We have discussed this before  http://oversitesentry.com/ssl-security-is-no-longer-pci-compliant/

http://oversitesentry.com/test-new-poodle-vulnerability/

 

In the links we discuss that TLSv1.2 and higher should be used.

 

 

But even if you have TLS1.2 then http://oversitesentry.com/another-major-security-flaw-website-encryption-technology-calledlogjam/   one still has to have a long bit should be used.  2048 bit or higher (not just 1024)

 

The world is moving quickly and we all have to be on top of our security  technologies, because Google is on top of it (or very close to the leading edge)

Here is a site where you can test the websites:

https://weakdh.org/sysadmin.html

the problem that we all have these “testing tools”  are available to all the hackers as well:

chaseservertest

 

Notice I only picked Chase and Hsbc because they were also used in the Zero-day article as I am not interested in creating a ‘research paper’ which shows the world where to check for insecure website (the hacker can spend their own time doing that)

All sites should update website encryption technologies that do not include weak technologies or configurations.

 

Advertisements

One thought on “Bank Website “Not Verified” says Chrome”

Leave a Reply

Your email address will not be published. Required fields are marked *