Scotiabank Internet Whizzkids Screw Up Their HTTPS Security Certs

posted by mrpg on Sunday September 10, @07:56AM   Printer-friendly
from the world-class-digital-solutions dept.
MrPlow writes:

Submitted via IRC for Bytram

The team behind Scotiabank's Digital Banking Unit isn't impressing some customers, after forgetting to renew the security certificates for their own website.

The DBU was set up last year to sell "world class digital solutions" to electronic banking customers around the world. But Jason Coulls, CTO of food safety testing company Tellspec and a former banking software developer, tipped off The Register that the bank's hipster factory certificates had expired nearly five months ago.

"Tuesday next week is the five month anniversary of the certificate expiring and no one has noticed," he said. "This from a group supposed to showcase how smart the bank's IT people are. The irony is strong in this one."

[...] In 2016 he spotted that the bank's mobile app had some rather unusual features – notably that the programmers had laden the code with f‑bombs. He informed the bank in April and got no response, so let the regulators know. Scotiabank fixed the code within 24 hours.

Source: Scotiabank internet whizzkids screw up their HTTPS security certs

Original Submission


  • (Score: 2) by Whoever on Sunday September 10, @08:26AM

    by Whoever (4524) on Sunday September 10, @08:26AM (#565907)

    The certificates have expired, but they are issued to "webflow.io" not Scotiabank.com.

    Using certs for the wrong domain is surely a bigger issue.

  • (Score: 2) by maxwell demon on Sunday September 10, @08:55AM

    by maxwell demon (1608) Subscriber Badge on Sunday September 10, @08:55AM (#565911) Journal

    Don't confuse smartness with competence. They were clearly smart enough to hide their incompetence for long enough to get into this position.

  • (Score: 0) by Anonymous Coward on Sunday September 10, @09:02AM

    by Anonymous Coward on Sunday September 10, @09:02AM (#565913)

    Only uncool old Luddites use certs. Hip hippy hipsters use apps! Appy appers apping apps. Apps, apps, and moar apps!

    Because apps, amirite?

