Standard User adslmax
(knowledge is power) Mon 20-Feb-17 00:04:51

DSL Checker not secure?


 
Very odd as Firefox, Google, Internet Explorer told me to get out of this site, not connected to secure!

https://s16.postimg.org/hpzpb6erp/dslchecker.jpg
Standard User PaulKirby
(knowledge is power) Mon 20-Feb-17 07:50:03

Re: DSL Checker not secure?


[re: adslmax]
 
Well I am only getting it on Chrome, IE and Edge are fine.

Chrome says the following:
Obsolete Connection Settings
The connection to this site uses an obsolete protocol (TLS 1.0), a strong key exchange (ECDHE_RSA with P-256), and an obsolete cipher (AES_128_CBC with HMAC-SHA1).

So they need to recreate their Certs.

Tell a lie, Edge is flagging it, just not showing a notification apart from within the development tools.
SEC7132: The certificate protecting this website uses weak cryptography (SHA1). The website should replace this certificate with an SHA2 certificate before SHA1 is no longer allowed.

So yeah.

It seems nothing has changed on the site certificate-wise, just that the browsers are now starting to moan about old versions of encryption.

As far as I can see the cert was last updated on 14th April 2014 00:00:00 and will expire on 12th June 2017 23:59:59.

Paul

BTBroadband - Infinity 4 - 310Mbps (down), 31Mbps (up)
TBB Speedtest
Standard User hypertony
(experienced) Mon 20-Feb-17 08:25:14

Re: DSL Checker not secure?


[re: adslmax]
 
I mentioned it to BTCare Twitter the other day - they say "it works fine" and nothing more. Think they don't fully understand...

- Tony Sutton
- Check out my Ford Focus ST170 site | View my Car's Dashcam Videos

Standard User RobertoS
(elder) Mon 20-Feb-17 08:25:43

Re: DSL Checker not secure?


[re: adslmax]
 
Probably this is the reason. It's asking for phone number and/or address.

Kindness isn't going to cure the world of all its awfulness but it's a good place to begin. Daisy Ridley.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 65258/14193Kbps @ 600m. BQMs - IPv4 & IPv6

Edited by RobertoS (Mon 20-Feb-17 08:26:35)

Standard User Chrysalis
(legend) Mon 20-Feb-17 08:49:13

Re: DSL Checker not secure?


[re: hypertony]
 
Just wait till it gets blocked, suddenly it will get fixed overnight, it's how these large companies work, security is always deemed as "unneeded expense and manpower".

Sky Fibre Pro BQM - IPv4 BQM - IPv6
Standard User ukhardy07
(knowledge is power) Mon 20-Feb-17 10:13:46

Re: DSL Checker not secure?


[re: Chrysalis]
 
BT have a full internal pentest team and generally spend a fair bit. I'm surprised it hasn't been dealt with already.
Standard User WWWombat
(knowledge is power) Mon 20-Feb-17 11:43:31

Re: DSL Checker not secure?


[re: Chrysalis]
 
Large companies are made up of lots of individual people. The ones who set, or change security policy are a long way from the people who renew certificates.

This is more likely on the Gantt chart of some individual project manager, for some individual support engineer to work on, based on the expiry date.

It will change from unimportant to vital overnight, when the appropriate day rolls on.

If browsers start to block users early, then that job will be bumped up, so I agree with that. A smart support engineer will then trigger other certificates to be checked, but that probably depends on the experience level of the individual who gets allocated the job when it turns up.
Standard User Chrysalis
(legend) Mon 20-Feb-17 13:35:15

Re: DSL Checker not secure?


[re: ukhardy07]
 
They're not doing a great job then, as I have come across various issues on BT hosted sites over the years, issues that should be extremely basic to pick up by any experienced security bod.

Sky Fibre Pro BQM - IPv4 BQM - IPv6
Standard User Chrysalis
(legend) Mon 20-Feb-17 13:36:52

Re: DSL Checker not secure?


[re: WWWombat]
 
An example is Tesco: sometime a year or two ago, I couldn't access a page, which prevented me doing an order. When I rang up, the guy said Tesco were already aware of the problem a few months back but they were not aware Chrome had started blocking their website; of course once they were aware of the latter it got fixed pretty quickly before it started affecting the bottom line.

Sky Fibre Pro BQM - IPv4 BQM - IPv6
Standard User PaulKirby
(knowledge is power) Mon 20-Feb-17 18:18:59

Re: DSL Checker not secure?


[re: RobertoS]
 
In reply to a post by RobertoS:
Probably this is the reason. It's asking for phone number and/or address.

It's not that.
Their HTTPS Certificate is using TLS 1.0 which is old and not as secure as 1.1 and 1.2.
Edge reported it as not secure due to using TLS 1.0, the page was encrypted but not as secure as it could be.

Basically it's not the RSA certificate, it's how they have set up the SSL side of their server.

Let me run some tests to do with how secure their site is and I will get back.

*** update ***
I just ran some security checks on the DSL checker and it fails the tests.

They even have SSL3 which has exploits and should never be used.
They get a rating of F whereas it should have a rating of A or A+

This is a rating of one of my sites, as you will see it's rated A+

I will email one of the people I have spoken to at BT Wholesale.

Paul

BTBroadband - Infinity 4 - 310Mbps (down), 31Mbps (up)
TBB Speedtest

Edited by PaulKirby (Mon 20-Feb-17 18:28:03)
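
Added example, not part of any post in this thread: a small Python audit that separates the three layers the browser messages above refer to (protocol version, cipher suite, certificate signature hash) and reports each one on its own. The sample tuple is constructed from the Chrome and Edge messages quoted earlier; the name `sha1WithRSAEncryption` and the helper names `audit` and `observe` are assumptions made for illustration.

```python
import socket
import ssl

# Names as returned by SSLSocket.version(), weakest first.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample: the protocol and cipher Chrome reported in the thread,
# plus an assumed OpenSSL-style name for the SHA-1 signature Edge flagged.
THREAD_SAMPLE = ("TLSv1", "ECDHE-RSA-AES128-SHA", "sha1WithRSAEncryption")


def audit(protocol, cipher, cert_sig_alg):
    """List weaknesses in one negotiated connection, layer by layer."""
    findings = []
    # 1. Protocol version: server configuration, not the certificate.
    if PROTOCOLS.index(protocol) < PROTOCOLS.index("TLSv1.2"):
        findings.append(f"obsolete protocol: {protocol}")
    # 2. Cipher suite, in OpenSSL naming (KX-AUTH-ENC-MAC).
    name = cipher.upper()
    parts = name.split("-")
    # TLS 1.3 suites (TLS_...) always use an ephemeral key exchange.
    if not name.startswith("TLS_") and parts[0] not in ("ECDHE", "DHE"):
        findings.append("key exchange without forward secrecy")
    if not any(tag in name for tag in ("GCM", "CHACHA20", "CCM")):
        mac = "HMAC-SHA1" if parts[-1] == "SHA" else "HMAC-" + parts[-1]
        findings.append(f"obsolete cipher: non-AEAD suite with {mac} MAC")
    # 3. Certificate signature hash: fixed only by reissuing the certificate.
    if any(h in cert_sig_alg.lower() for h in ("sha1", "md5")):
        findings.append(f"weak certificate signature: {cert_sig_alg}")
    return findings


def observe(host, port=443, timeout=5.0):
    """Return (protocol, cipher) negotiated with a live server.

    The certificate is deliberately not validated here: this inspects the
    server's configuration, not its identity. A modern client build may
    refuse TLS 1.0 outright, in which case the handshake raises ssl.SSLError.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    for finding in audit(*THREAD_SAMPLE):
        print(finding)
```

`observe` reports only the single protocol and cipher this client negotiates, so it does not enumerate every version a server still accepts; the certificate's signature algorithm has to be read separately and passed to `audit`.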
