Following the disclosure of the the OpenSSL Heartbleed bug in April 2014, numerous tools appeared online to test whether websites were vulnerable to it.<\/p>\n
Qualys SSL Labs’ server test was one such tool, and at the time we used it to check the strength of the security<\/strong><\/a>\u00a0of many South African websites.<\/p>\n Absa\u2019s Internet banking site scored a B back then. This has improved<\/a><\/strong> to an A-.<\/p>\n However, a MyBroadband reader dug around on Absa\u2019s site and discovered that when you enter your account number and PIN and click next, your credentials are sent to a different server: vs1.absa.co.za.<\/p>\n For this domain, the results of the SSL Labs test look different.<\/p>\n Not only does SSL Labs report that this Absa domain is still vulnerable to the POODLE attack disclosed in 2014, it also supports insecure negotiation.<\/p>\n However, Absa has said that clients need not be alarmed by the SSL Labs test results.<\/p>\n \u201cWe are aware of the issues the reader has raised and we\u2019re confident that they do not pose a risk to customers,\u201d said Absa.<\/p>\n The bank said it gets independent vendors to perform penetration tests against the platform regularly.<\/p>\n \u201cVulnerabilities identified in such tests and which reach us through other channels, such as reports from the security community, are evaluated for exploitability and impact on the customer, and are addressed with priority where it is found the vulnerabilities pose a risk.\u201d<\/p>\n SA banks, networks, online shops SSL security rankings<\/strong><\/a><\/p>\n Critical security bug hits South African websites<\/strong><\/a><\/p>\n Paying your TV licence online? Watch out for this security flaw<\/strong><\/a><\/p>\n Anonymous nailed 3,392 sites on Webafrica \u2013 this is how they got in<\/strong><\/a><\/p>\nMore security news<\/h3>\n