Maybank2U and Maybank2E Graded as ‘F’ by HTTPS Security Test, Lowest Among Eight Local Online Banking Services

 

(Lowyat.net) – A local VPN service provider, BolehVPN earlier today have posted a rather interesting blog post regarding a test that they have recently done to nine online banking services that are operated by Malaysian-based banks. Using an automated test by Qualys SSL Labs, the good news is that majority of the test subjects are graded as A by the test which runs deep analysis on the configurations of a SSL-equipped web server.

That being said, Maybank2U – which is arguably the most popular among all the test subjects – is not of part of this group. Instead, Maybank2U is graded as F in the test due to its support for SSL 2.0 which is said to be obsolete and insecure. Additionally, the test results further stated that Maybank2U also supports a number of weak ciphers and is no equipped with forward secrecy feature.

While Maybank might have implemented additional security measurements around the service, this news is rather alarming given the popularity of Maybank2U among users. Similarly, the service’s enterprise counterpart – Maybank2E – is also rated F by the test although the reasons are much more worrying which include the support for insecure renegotiation and higher vulnerability to denial-of-service attack.

Read more at: http://www.lowyat.net/2013/10/28/14502/maybank2u-and-maybank2e-f-grade-ssl-labs/