Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Ryanair website showing Chrome browser out of date warning

  • 17-04-2015 7:18pm
    #1
    Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭


    Ryanair is still using TLS1.0, and no higher, which is turn is causing Google chrome browser to put a red warning line across the URL bar. The "secure" version of TLS is currently 1.2.

    One suspects that this is to accommodate the rat infested, non-updated, low-iq end of the Ryanair customer base - demonstrating little regard for the rest of us and our payment card data - because they don't want to force people with crap computers to make their reservation by phone instead, and if Ryanair wish charge them 9.99€ a minute in the process, with long periods of music on hold...... so be it.

    The incompetent and under-financed Data Protection "Authority" website has no link to name and shame data protection irresponsible websites - despite the fact that many of them are based in Ireland. And deal with transactions arising from the rest of Europe and further afield.


Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Instead of naming them and shaming them on the Data Protection site who few people look at anyway, why not politely and calmly contact the websites admins and point out this flaw to them.

    While they are enabling TLS 1.2 support they should disable SSLv3 while they are at it.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    bedlam wrote: »
    condescending much?

    It's far more likely down to just running old version of software which do not support TLS >= 1.1

    As in "this company does not have the financial resources to allow it to use up to date software and systems"? And instead pushes the liability for security to the victim customer? Many payment cards have no limit of liability for the cardholder for fraudulent use - eg debit cards - the limit is your entire bank balance in many cases.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    syklops wrote: »
    Instead of naming them and shaming them on the Data Protection site who few people look at anyway, why not politely and calmly contact the websites admins and point out this flaw to them.

    While they are enabling TLS 1.2 support they should disable SSLv3 while they are at it.

    This company does not want contact with the outside world. I know of no published email addresses to provide feedback. I know of no phone number for Ryanair that is not a premium rate phone number.

    And yes they should prohibit the use of SSL3 too, not to mention the RC4 cypher which is insecure on all versions of TLS and the null cypher (authentication only, no encryption), which is also a bug.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Impetus wrote: »
    This company does not want contact with the outside world. I know of no published email addresses to provide feedback. I know of no phone number for Ryanair that is not a premium rate phone number.

    And yes they should prohibit the use of SSL3 too, not to mention the RC4 cypher which is insecure on all versions of TLS and the null cypher (authentication only, no encryption), which is also a bug.

    Using my l33t skillz I am looking at 2 email addresses and 2 phone numbers you could try.

    Theres also a contact form on their site.


  • Registered Users, Registered Users 2 Posts: 2,576 ✭✭✭Skill Magill


    OP, What do you mean by crap computers? This is a website?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    I am guessing that someone in Ryanair has been in touch with Google about removing the security warning on https://www.ryanair.com. They have a deal in the pipeline to use Google to sell seats. Anyway the red warning line is no longer present this afternoon.

    So "do no evil" Google has ratted on the end user and allowed Ryanair to silently continue use obsolete TLS1.0 - even though the cert expires after 31.12.2015.

    Further proof, if needed that with free services such as Google, you are the product - ie they are selling your eyeballs to companies.

    At least Ryanair start off site visits on an https:// basis. Aer Lingus still starts customer visits using a non-encrypted connection, leaving them open to other forms of attack.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    OP, What do you mean by crap computers? This is a website?
    I am talking about client machines that are crawling with malware and obsolete software.


  • Closed Accounts Posts: 768 ✭✭✭SpaceSasqwatch


    Impetus wrote: »
    I am talking about client machines that are crawling with malware and obsolete software.

    and what the fuq has that got to do with ryanair not implementing TLS1.2??


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    and what the fuq has that got to do with ryanair not implementing TLS1.2??


    Well Mr SpaceSasqwatch, if a large mass of popular websites tolerate low standards at the client level (eg allow PCs that can only do SSL2 or whatever), which is clearly putting the customer at risk, then the unwashed masses will continue to ignore security issues. Particularly where payment card or online banking risk is involved....

    If however their bank, airline, government service, etc rejected the client, and posted a message on their PC to the effect that they have an obsolete, non-secure computer, (please do this transaction over +800 SECURETX or via the post) these people might think it was time they bought a new PC to replace the 7 year old XP machine with flash 1.0 and Java 2.1 etc. Especially if Aer Lingus, Ryanair, BoI, AIB, gov.ie etc gave them the same warning. Even the dumbest would get the message. Not that these people would be likely to have a Visa or AmEx card with a €100'000 spending limit to exploit, but there are frauds involving taking an EUR or two from a zillion people that can add up.


  • Closed Accounts Posts: 768 ✭✭✭SpaceSasqwatch


    Impetus wrote: »
    Well Mr SpaceSasqwatch, if a large mass of popular websites tolerate low standards at the client level (eg allow PCs that can only do SSL2 or whatever), which is clearly putting the customer at risk, then the unwashed masses will continue to ignore security issues. Particularly where payment card or online banking risk is involved....

    If however their bank, airline, government service, etc rejected the client, and posted a message on their PC to the effect that they have an obsolete, non-secure computer, (please do this transaction over +800 SECURETX or via the post) these people might think it was time they bought a new PC to replace the 7 year old XP machine with flash 1.0 and Java 2.1 etc. Especially if Aer Lingus, Ryanair, BoI, AIB, gov.ie etc gave them the same warning. Even the dumbest would get the message. Not that these people would be likely to have a Visa or AmEx card with a €100'000 spending limit to exploit, but there are frauds involving taking an EUR or two from a zillion people that can add up.

    lol thats funny.Your attitude that is.

    Less than 10% of pc's in ireland run xp.Didnt read your rant past that....


  • Advertisement
Advertisement