Commercial.hsbc.hk not verified (Hong Kong)
Here are three examples of what appears when clicking on the lock to the left of the URL in the browser. An example image follows:
Notice where the cursor is hovering: to the left of the URL (https://www.chase.com).
Notice that the "Not verified" examples are websites that have older cryptography technology on the website (TLS 1.0 and TLS 1.2).
I found a few websites with faulty TLS encryption protocols on the web server after reading this article: http://www.zdnet.com/article/chrome-security-us-banks-hsbc-chase/ (from the Zero Day Blog link).
We have discussed this before: http://oversitesentry.com/ssl-security-is-no-longer-pci-compliant/
http://oversitesentry.com/test-new-poodle-vulnerability/
In those links we discuss that TLSv1.2 and higher should be used.
But even if you have TLS 1.2, there is the Logjam flaw (http://oversitesentry.com/another-major-security-flaw-website-encryption-technology-calledlogjam/): a long enough bit length still has to be used, 2048 bits or higher (not just 1024).
The world is moving quickly and we all have to be on top of our security technologies, because Google is on top of it (or very close to the leading edge).
Here is a site where you can test the websites:
https://weakdh.org/sysadmin.html
The problem we all have is that these “testing tools” are available to all the hackers as well.
Notice I only picked Chase and HSBC because they were also used in the Zero Day article, as I am not interested in creating a ‘research paper’ which shows the world where to check for insecure websites (the hackers can spend their own time doing that).
All sites should update their website encryption so that it does not include weak technologies or configurations.
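For administrators checking their own server against the two thresholds above (TLS 1.2 or higher, and 2048 bits or more when Diffie-Hellman is used), here is an added example that is not part of the original post. It assumes the text of an `openssl s_client -connect yourhost:443` session has been saved; the function name and the sample transcripts are constructed for illustration.

```python
import re

# Thresholds from the post: TLS 1.2 or higher, DH of 2048 bits or more.
MIN_TLS = (1, 2)
MIN_DH_BITS = 2048

def audit_s_client(output):
    """Return a list of findings for one saved `openssl s_client` transcript."""
    findings = []
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", output, re.M)
    ver = re.fullmatch(r"TLSv(\d)(?:\.(\d))?", proto.group(1)) if proto else None
    if proto is None:
        findings.append("no negotiated protocol in transcript")
    elif ver is None:
        findings.append(f"{proto.group(1)} is not a TLS version")
    elif (int(ver.group(1)), int(ver.group(2) or 0)) < MIN_TLS:
        findings.append(f"{proto.group(1)} is older than TLSv1.2")
    # Logjam check: only finite-field DH is compared against 2048 bits.
    # ECDH key sizes are on a different scale and are not flagged here.
    key = re.search(r"^\s*Server Temp Key:\s*(\w+),.*?(\d+) bits", output, re.M)
    if key and key.group(1) == "DH" and int(key.group(2)) < MIN_DH_BITS:
        findings.append(f"DH key is {key.group(2)} bits, below {MIN_DH_BITS}")
    return findings

# Constructed transcript excerpts (not captured from any real site).
OLD_TLS_WEAK_DH = """\
Server Temp Key: DH, 1024 bits
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES128-SHA
"""
TLS12_WEAK_DH = """\
Server Temp Key: DH, 1024 bits
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
"""
TLS12_ECDH = """\
Server Temp Key: ECDH, P-256, 256 bits
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""

if __name__ == "__main__":
    for name, text in (("old TLS + weak DH", OLD_TLS_WEAK_DH),
                       ("TLS 1.2 + weak DH", TLS12_WEAK_DH),
                       ("TLS 1.2 + ECDH", TLS12_ECDH)):
        print(name, "->", audit_s_client(text) or "ok")
```

The second transcript is the case the post warns about: the protocol version passes, but the 1024-bit DH key is still flagged.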