Snapper.co.nz | SHA1 remediation needed.

Snapper is a known service that Kiwis use for a lot of things, from car park fees to buses, and sometimes even food shops.

Out of curiosity, I decided to take a sneak peek at the SSL certificates of Snapper, and to my surprise it is... still on SHA1. The best part is that my ever trusty Google browser gave me an indicator that the site might not be secure.

What is SSL?
https://www.digicert.com/ssl.htm

So, to cut the story short, I was surprised that my logged-in account showed insecurity.

I do agree that it can be secure, but perhaps it is partially secure due to its weak signature algorithm throughout its trust chain. I have indicated this to Snapper on their Twitter channel, and I hope they remediate this soon.

Another flaw on the site is the bad design of having a feedback page on HTTP when it is supposed to be on HTTPS. It is a transaction of personal information and confidential information to Snapper. The least they can do is secure it properly. Time to step up, Snapper.

Just a point to note: Snapper is behind the AWS cloud, but that still does not warrant a weak SHA1 D.S.A and a weak RC4 cipher.
