Half of UK financial institutions vulnerable to well-known crypto flaws

We can’t name names, says consultancy, suffice to say they’re at risk

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research.

An assessment of 84 UK- and foreign-owned banking institutions, carried out in November by the international information security firm and published on Monday, found that more than half were running SSL certificates that may expose their customers' data to unwarranted risk.

Problems identified included certificate instances that may be vulnerable to well-documented attacks, such as CRIME and POODLE, as well as other crypto flaws.

Xiphos is not naming the affected organisations but its findings are nonetheless credible because individual instances of banks failing to update sites in the weeks after serious crypto flaws (such as POODLE) are well known.

The security consultancy may not have been able to contact many of the impacted organisations, a factor that led it to avoid naming names.

In cases where it couldn’t contact organisations directly it passed on its findings via the Financial Conduct Authority and NCA (National Crime Agency). ®

 
