https://httpswatch.nz/ It's not a great look for NZ banks either. On Sat, 4 Nov 2017 at 13:42 Lawrence D'Oliveiro <ldo(a)geek-central.gen.nz> wrote:
Here <http://www.theregister.co.uk/2017/11/03/uk_bank_security_audit/> are the results of an audit on UK banks to check their adherence to various established security practices: * HTTP Strict Transport Security <https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security> * Security Headers <https://securityheaders.io/> * Content Security Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP> * avoidance of weak and obsolete encryption (e.g. RC4)
The result: a real mixed bag.
Has anyone done a similar thing for our banks? _______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/mailman/listinfo/wlug