Full Disclosure mailing list archives
sympatico.ca uses weak encryption on their billing server
From: George Staikos <staikos () 0wned org>
Date: Tue, 29 Oct 2002 18:23:07 -0500
Bell Canada Sympatico is one of the largest Internet providers in Canada. After repeated requests over the past month to multiple addresses at Bell Canada/Sympatico's security and network contacts, I have given up hope.

Their billing server, https://www.billing.sympatico.ca/, is still running Netscape 3.6 SP3 with a 40 bit export-level encryption key. They insist that this is strong encryption, and the people answering my emails are too incompetent to understand my concerns that they use a stronger encryption key. The responses I generally received were that I did not have my mouse in the right place to see the padlock.

This server is used to store all the personal and billing information for customers of Bell Sympatico. It also allows customers to modify their account settings and preferences. Given the age of the software and the known exploits for it, along with the weak encryption key in use, I recommend not using the online account management system, and complaining very loudly to Bell.

--
George Staikos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html