Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

O2 joins Virgin Media as member of weak crypto software club

Operator promises El Reg it'll all be fixed before browsers deep-six support

It turns out that Virgin Media isn't the only telco still using the weak RC4 stream cipher on the more sensitive areas of its website. Step forward O2, which is also stuck on the broken SSL system.

The mobile carrier, as spotted by Reg reader Stephen, still transfers customer bank details over the weak crypto algorithm.

If you run O2's identity webpage through SSL Labs' analysis site, it confirms that the operator's "server accepts the RC4 cipher, which is weak."

As The Register has previously reported, Virgin Media has been taking its time over moving its sensitive webpages away from the crappy encryption software.

However, big browser makers have warned that support for the RC4 cipher suite will end early next year.

El Reg asked O2 to tell us why it was still stuck on the system.

A company spokesbeing told us: "We are aware of this issue and are planning to move away from this system in good time before browser makers remove support next year."

So that's alright then! ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like