Bell Canada Sympatico is one of the largest Internet providers in Canada. After repeated requests over the past month to multiple addresses at Bell Canada/Sympatico's security and network contacts, I have given up hope. Their billing server, https://www.billing.sympatico.ca/, is still running Netscape 3.6 SP3 with a 40 bit export-level encryption key. They insist that this is strong encryption, and the people answering my emails are too incompetent to understand my concerns that they use a stronger encryption key. The responses I generally received were that I did not have my mouse in the right place to see the padlock. This server is used to store all the personal and billing information for customers of Bell Sympatico. It also allows customers to modify their account settings and preferences. Given the age of the software and the known exploits for it, along with the weak encryption key in use, I recommend not using the online account management system, and complaining very loudly to Bell. -- George Staikos _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 16:08:42 PST