And you thought your bank was bad…

While working on my latest video (, I came across this bank,

  • Uses HTTP by default? Check.
  • No Content-Security-Policy? Check
  • No Secure Cookies for Session? Check
  • No HTTP Strict Transport Security? Check
  • No XSS protection? Check
  • Uses RC4 for cipher? Check
  • TLS1.0 and 1.1? Check
  • No Forward Secrecy? Check
  • Poodle? Check

Is this a real bank? Or some fake page to trap security investigators? It does seem like it is the investor relations and corporate site of a real bank, one which is not instilling much confidence in me.

Oh yeah, my new video. Its at the bottom (and I go through some more detail on the associated blog post on my company blog). Please consider subscribing to the YouTube channel. Or better yet, follow the company on LinkedIn, it helps a lot!






Leave a Reply

Your email address will not be published. Required fields are marked *