NatWest upgrading their main website to HTTPS
Options
RG2015
Posts: 5,905 Forumite
The BBC website are reporting that NatWest are upgrading their main website to HTTPS.
It is good that they are reacting to concerns over this but I am not sure that it will stop dedicated spammers and fraudsters continuing to fool less savvy members of the public.
http://www.bbc.co.uk/news/technology-42353478
It is good that they are reacting to concerns over this but I am not sure that it will stop dedicated spammers and fraudsters continuing to fool less savvy members of the public.
http://www.bbc.co.uk/news/technology-42353478
0
Comments
-
I read that earlier and checked the provider of my own main account, Nationwide, to confirm that their website is HTTPS, which I was glad to find it is. I haven't yet looked at all the others where I have accounts, and even if I do find any that aren't secure I doubt if it will stop me using them, but it might be useful to know.0
-
First Direct is not https but the whole FD online package is so cluncky I couldn't imagine anyone being able to clone it.0
-
First Direct is not https but the whole FD online package is so cluncky I couldn't imagine anyone being able to clone it.
It does everything I need it to do, although with a redesign they could eliminate a few mouse clicks. Its detractors usually claim that it could be cloned by a 10-year-old.0 -
Probably everyone knows this but.... HTTPS simply means the connection is secure (encrypted) it says nothing about the website being secure / the correct one etc etc it is possible to be HTTPS securely connected to a fake website.0
-
Probably everyone knows this but.... HTTPS simply means the connection is secure (encrypted) it says nothing about the website being secure / the correct one etc etc it is possible to be HTTPS securely connected to a fake website.
It’s possible but unlikely as most big organisations will use EV SSL otherwise known as green bar.2.88 kWp System, SE Facing, 30 Degree Pitch, 12 x 240W Conergy Panels, Samil Solar River Inverter, Havant, Hampshire. Installed July 2012, acquired by me on purchase of house in August 20170 -
cjmillsnun wrote: »It’s possible but unlikely as most big organisations will use EV SSL otherwise known as green bar.It is https as soon as you access the log in to Internet Banking screen.
It does everything I need it to do, although with a redesign they could eliminate a few mouse clicks. Its detractors usually claim that it could be cloned by a 10-year-old.First Direct is not https but the whole FD online package is so cluncky I couldn't imagine anyone being able to clone it.
A lot of comments on this thread are wrong.
The attack that sparked this news story and the subsequent action from NatWest was that most of the NatWest website did not have secure HTTPS, while the login page did. The point is that when you're on the insecure part of the NatWest website and click on the "login" button, your request to access the login portion of the website is unencrypted, so a malicious party could redirect your request to a website that looks identical to NatWest, which also have a "secure" connection to it, but it is not NatWest. It literally costs £0 to get a certificate to get HTTPS and thus the green bar.
It is not difficult to make a login page identical to NatWest or First Direct and get a certificate for it to make the connection encrypted.
I have to say, I find it really bizarre that some people comment about the security of NatWest or First Direct despite clearly not knowing what they're talking about. You shouldn't just give your 2 cents on the matter. This is the security of peoples money we are talking about. People should not take your advice and you should not give it out if you're not qualified to do so.
This possible attack has been known since 2008 or something. Perhaps people thinking it's not an issue "because it's hard to get a EV certificate" or "hard to forge the website" is the reason that NatWest hasn't bothered to change it until now.0 -
I have to say, I find it really bizarre that some people comment about the security of NatWest or First Direct despite clearly not knowing what they're talking about. You shouldn't just give your 2 cents on the matter. This is the security of peoples money we are talking about. People should not take your advice and you should not give it out if you're not qualified to do so.
The reader is fully able to choose whether or not to take the advice and whether to conduct their own research. If people didn't give their 2 cents worth the forum would be deprived of a large proportion of its content.
And by the way, my post about FD having a cluncky un-clonable website was firmly tongue in cheek.0
This discussion has been closed.
Categories
- All Categories
- 343.2K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.3K Work, Benefits & Business
- 608.1K Mortgages, Homes & Bills
- 173.1K Life & Family
- 247.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards