Re: Government of Mauritius website allows weak security

From: Ish Sookun <ish_at_hacklog.in>
Date: Tue, 30 Jun 2015 11:01:45 +0400

Hello SM,

On 6/29/15 8:51 PM, S Moonesamy wrote:
>
> Please see
> http://lists.elandnews.com/archive/mauritius/internet-users/2015/05/1787.html
>

If the attitude of all government agencies remain as in the above
message, then we will never get answers. Our suggestions will never be
listened and the government could spend a lot of money without any
transparency on those expenses.

>> In the earlier email, I mentioned MCB Internet Banking (ib.mcb.mu)
>> supports TLS_RSA_WITH_RC4_128_MD5. I would expect the Mauritius
>> Commercial Bank to be more security conscious than government agencies.
>
> Is https://ib.ncbl.mu secure?
>

You have written about the SSL certificate used by ncbl.mu previously.
We have also discussed the usage of wix.com to build ncbl.mu website. At
the moment, ib.ncbl.mu uses cipher TLS_RSA_WITH_RC4_128_MD5. It is not
secure.

Regards,

-- 
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Tue Jun 30 2015 - 07:02:09 PST

This archive was generated by hypermail 2.3.0 : Tue Jun 30 2015 - 07:09:01 PST