Maybank Improves HTTPS security, joins top ranks while BSN, Affin and Muamalat remain at Grade F
Unfortunately, Bank Simpanan Nasional, Affin Bank and Bank Muamalat remained at Grade F. AmOnline and Bank Rakyat maintained their B ratings. We remained unable to test RHB. Some people thought this meant that RHB had better security, but this is not necessarily so; it just means the site could not be tested due to some error, either with the test script or with the website itself.
BolehVPN
It’s been 3 days since we first posted our tests on Malaysian banks, which gained quite a lot of publicity. Thanks to everyone who shared and spread the word. Let’s see who has taken it to heart and upgraded their security. We are only retesting the sites that scored an F rating, which were:
- Maybank2u/Maybank2e
- Affin Bank
- Bank Muamalat
- Bank Simpanan Nasional
and also those that scored a B rating, which were:
- AmBank
- Bank Rakyat
Maybank2U: Grade A
Maybank now becomes one of the top-ranking banking websites in Malaysia and in some cases, as with RC4 support and session resumption, is even better than CIMBClicks. It is reassuring to see the speed with which this was resolved. It even supports TLS 1.1 and 1.2 now!
There were quite a few people who complained that we were paid to do a smear campaign on Maybank, but this is far from the truth. Others said that Maybank2U required SSL 2.0 support for people who could not upgrade from IE6. We responded that IE 6.0 with service packs installed did indeed have SSL 3.0 support, and that insecure protocols should not be tolerated lest they give users a false sense of security. We have been validated by Maybank fixing these issues on their site within 2 days.