Cahoot
Mark Lomas
ukcrypto at absent-minded.com
Wed May 6 22:02:16 BST 2015
Francis,
The site appears to be vulnerable to several possible attacks.
You may be interested in what Qualys thinks of that site.
https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.cahoot.com
I wouldn't use that site at present.
I suspect that part of the problem is that if they fixed the major problem
they would break compatibility with older browsers.
Mark
On 6 May 2015 at 17:41, Francis Davey <fjmd1a at gmail.com> wrote:
> My apologies if this is a stupid question, but someone might be able to
> give me some perspective.
>
> If I navigate to https://www.cahoot.com, Chrome seems less than happy. It
> complains about the cryptographic technology being obsolete and also that
> the site does not possess a public key certificate (if I am interpreting
> correctly). The icon it displays suggests a fairly qualified acceptance of
> the site.
>
> If I then click on the log in button I am sent to securebank.cahoot.com
> for which Chrome has other (but slightly different) complaints. Also: in
> the process a window very briefly appears and then vanishes again (which is
> always unsettling).
>
> Is it safe for me to go forward and enter my security details to access my
> account, or should I contact the bank and ask them to fix it (or rather to
> wait in their customer service queue to be told "no" after much
> incomprehension I suspect).
>
> Thoughts? I am keen not to have my bank account hacked.
>
> --
> Francis Davey
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20150506/a22f580d/attachment.html>
More information about the ukcrypto
mailing list