Sygma Bank website

almost_there

Hi has anyone else had problems with the website, I'm getting a message saying that the Security Certificate has expired. Any ideas?

Moggles_2

Perhaps the bank's security certificate has expired and has yet to be updated.

I'm not familiar with the Sygma Bank website, but experienced something similar when I tried to log into my ING savings account a while back. The following day all was well, once again.

LinuxAllTheWay

almost_there wrote: »

Hi has anyone else had problems with the website, I'm getting a message saying that the Security Certificate has expired. Any ideas?

Do NOT, under any circumstances, use the site until that message has been cleared! I'm assuming you're trying to go to www dot creationfs dot co dot uk which then re-directs you to my-oam dot co dot uk?

I work in IT security for a large financial organisation. I won't go in to the ins and outs now but wait until they're sorted the certificate problem out before using the site.

almost_there

Thtank you very much for that, I had no intention of using it till it was rectified, as you hear so many horror stories about things like that.

ElkyElky

LinuxAllTheWay wrote: »

Do NOT, under any circumstances, use the site until that message has been cleared! I'm assuming you're trying to go to www dot creationfs dot co dot uk which then re-directs you to my-oam dot co dot uk?

I work in IT security for a large financial oprganisation. I won't go in to the ins and outs now but wait until they're sorted the certificate problem out before using the site.

Expired certificates still encrypts the data and creates a secure connection. I'm sure you are already aware of this, since you work in the security field.

It is perfectly fine to trust a website with an expired certificate if you've used it previously, and already know the said website is pretty much genuine. The domain on the certificate matches the domain in the address bar so there is absolutely no need to stay clear of the site.

Having said that, I confidently logged in earlier today, regardless of it being expired, as I know and I am confident that any data being sent to them will still be encrypted.

LinuxAllTheWay

ElkyElky wrote: »

Expired certificates still encrypts the data and creates a secure connection. I'm sure you are already aware of this, since you work in the security field.

It is perfectly fine to trust a website with an expired certificate if you've used it previously, and already know the said website is pretty much genuine. The domain on the certificate matches the domain in the address bar so there is absolutely no need to stay clear of the site.

Having said that, I confidently logged in earlier today, regardless of it being expired, as I know and I am confident that any data being sent to them will still be encrypted.

You're having a laugh, right?

Please tell me you're having a laugh.

ElkyElky

LinuxAllTheWay wrote: »

You're having a laugh, right?

Please tell me you're having a laugh.

Excuse me?

LinuxAllTheWay

ElkyElky wrote: »

Excuse me?

Granted the risk is low but ANY certificate issue should be treated with caution. In this case, the chances are that the sysadmin at Creation has forgotten to renew a cert (to be honest, who hasn't) and it'll probably be sorted when he/she gets to his desk in the morning.

None the less, this issue COULD, and I stress the word COULD, be used as part of a MITM (Man In The Middle) strategy for obtaining credentials. A long shot I know but it can be done.

I cannot believe that you're advocating the transmission of personal data to a credit card related website when there is an issue (regardless of what that issue is) with the digital cert.:mad:

binaryuniverse

Elky is right in that you won't have an issue. You are still going to the correct website and its just an oversight on the site admins part (probably due to certificate expiring on the weekend).

ElkyElky

LinuxAllTheWay wrote: »

Gratned the risk is low but ANY certificate issue should be treat with caution. In this case, the chances are that the sysadmin at Creation has forgotten to renew a cert (to be honest, who hasn't) and it'll probably be sorted when he/she gets to his desk in the morning.

None the less, this issue COULD, and I stress the word COULD, be used as part of a MITM (Man In The Middle) strategy for obtaining credentials. A long shot I know but it can be done.

I cannot believe that you're advocating the transmission of personal data to a credit card related website when there is an issue (regardless of what that issue is) with the digital cert.:mad:

The fact is, the site is genuine, like it was genuine yesterday and the day before.

It does not matter whether it is expired or not, the connection is still secure and any data transmitted will continue to be encrypted. Just because it expired yesterday, doesn't mean the encrypted data can be decrypted by third parties. The certificate still holds the same security integrity as it did before expiring, and being expired does not make it any "weaker".

Now if the browser stated that the certificate does not match the site it was issued for, then that would be a whole different situation.

As I said in my previous post, working in the security field, I'd have thought you would have known this?

LinuxAllTheWay

binaryuniverse wrote: »

Elky is right in that you won't have an issue. You are still going to the correct website and its just an oversight on the site admins part (probably due to certificate expiring on the weekend).

Not quite right there either, BU.

If you knew anything about X500, DNS and hacking then you'd be agreeing with me.

I am not going to go in to detail in a public forum. I've done my bit and tried to warn people off using any site with any certifiacte issue. It's down to you if you heed that advice.