Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User camieabz
(sensei) Sat 11-Jul-20 14:13:12
Print Post

Struggling to get into a site suddenly?


[link to this post]
 
https://forums.theregister.com/forum/all/2020/07/10/...

Digicert says, come Saturday, July 11, it will revoke tens of thousands of encryption certificates issued by intermediaries that were not properly audited.
"Although there is no security threat, the EV Guidelines require that we revoke EV certificates signed by the affected ICAs by July 11, 2020 at 12pm MDT (July 11, 18:00 UTC)."

We understand the number of certs set to be pulled is somewhere in the range of 50,000.



Reading a couple of the comments:
How many bank websites will go down this weekend?
At a look at the websites for the largest banks in the UK:
Natwest is fine, they use Commodo. As far as I can see, all other RBS Group companies use the same supplier
Nationwide is affected, they need to replace their certificate today
TSB is affected
Lloyds Banking Group (including Halifax and Bank of Scotland) are fine
HSBC is affected
Clydesdale Bank (+ Yorkshire Bank + Virgin Money + B) are affected
Santander uses Entrust, they are fine
Barclays and Barclaycard use Entrust, they are fine
Monzo uses Cloudflare, they are fine
Revolut don't have an EV certificate.
American Express are affected
So I'm guessing about 40% of the UK population could potentially be without money this weekend.
Why do you need a website to get money? I just use a cash machine.
But the cash machine's secure communications might rely on one of the dodgy certificates. Then again it might just ignore the revocation.


I'm guessing it won't be huge, but you never know. The first rule of business is to keep the system going, so they'll probably ignore the revoke. Having said that, the first rule of banking is keep hold of the cash. smile
  Print Thread

Jump to