Message-ID: <200210291823.07996.staikos@0wned.org>
From: staikos at 0wned.org (George Staikos)
Subject: sympatico.ca uses weak encryption on their billing server


Bell Canada Sympatico is one of the largest Internet providers in Canada.

After repeated requests over the past month to multiple addresses at Bell 
Canada/Sympatico's security and network contacts, I have given up hope.  
Their billing server, https://www.billing.sympatico.ca/, is still running 
Netscape 3.6 SP3 with a 40 bit export-level encryption key.  They insist that 
this is strong encryption, and the people answering my emails are too 
incompetent to understand my concerns that they use a stronger encryption 
key.  The responses I generally received were that I did not have my mouse in 
the right place to see the padlock.

This server is used to store all the personal and billing information for 
customers of Bell Sympatico.  It also allows customers to modify their 
account settings and preferences.  Given the age of the software and the 
known exploits for it, along with the weak encryption key in use, I recommend 
not using the online account management system, and complaining very loudly 
to Bell.


-- 

George Staikos

