A local VPN service provider, BolehVPN, earlier today published a rather interesting blog post about a test it recently ran on nine online banking services operated by Malaysian-based banks. The good news is that the majority of the test subjects were graded A by the automated test from Qualys SSL Labs, which runs a deep analysis of the configuration of an SSL-equipped web server. That being said, Maybank2U – which is arguably the most popular among all the test subjects – is not part of this group.

Instead, Maybank2U was graded F in the test due to its support for SSL 2.0, which is said to be obsolete and insecure. Additionally, the test results stated that Maybank2U also supports a number of weak ciphers and is not equipped with forward secrecy. While Maybank might have implemented additional security measures around the service, this news is rather alarming given the popularity of Maybank2U among users.

Similarly, the service’s enterprise counterpart – Maybank2E – was also rated F by the test, although the reasons are much more worrying: they include support for insecure renegotiation and higher vulnerability to denial-of-service attacks.

We have reached out to Maybank for their response on this matter, so we’ll keep you posted once we receive a reply from them. As for which service was actually rated the best among the nine online banking services that BolehVPN tested, the honour goes to CIMBClicks, while RHB Bank is omitted from the list because an unknown internal error stopped the test from being run on RHB’s online banking service.
Maybank2U and Maybank2E Graded As F By HTTPS Security Test