Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Aon Website Security Problem
Old 05-28-2015, 04:37 PM   #1
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 570
Aon Website Security Problem

I have a feeling that this does not affect many people but for those that it does, I hope this is helpful. About 4 weeks ago I notified Aon that their website certificate is out of date on Google Chrome.

Google notified websites, sometime last fall, telling them that their website protocols need to change. While they missed the Google announcement (they were not the only one) 4 weeks later, Aon still has not made the change!

Aon should not have missed the Google notice about the update. Aon slow (so far not correction) is ridiculous and makes me question their security level. If I had a choice, I would not use Aon as I have lost all confidence in their concern about website security. Unfortunately, they have a contract with my former company.

Here is information about certificates https://www.us-cert.gov/ncas/tips/ST05-010

A bit of a rant but if you have control over your Aon account, I would find another provider.

If you see the red 'x' through the lock on the address website bar, you are risking your information if you log-on.
Attached Images
File Type: jpg Aon.JPG (11.2 KB, 92 views)
__________________

__________________
davef is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 05-29-2015, 10:16 AM   #2
Thinks s/he gets paid by the post
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 3,815
Quote:
Originally Posted by davef View Post
If you see the red 'x' through the lock on the address website bar, you are risking your information if you log-on.
Well, not exactly. Google has made a power play to get folks off of RC4, which is old and crusty, but not broken. It's not as if your data is in the clear. Check ssllabs.com if you ever wonder, but be prepared to need to do some googling if you're not well-versed in public key encryption standards.
__________________

__________________
sengsational is offline   Reply With Quote
Old 05-29-2015, 10:31 AM   #3
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 570
@sengsational - As I understand this, (and I am guessing you understand it better) you are technically right. I am upset however with my financial institution since they have known since last fall that this change was coming. That is when Google made the announcement, or at least the one I found. If Aon did not want to comply, they should have told me to disregard the warning.

In the meantime, they promised to make the change. The same thing happen with Yodlee I wrote to them as well and it took them 5 days to update their certificate. Aon is going on 4 weeks. It seems in this age of high security, a financial site and other sites with sensitive data should leave no room for doubt.
__________________
davef is offline   Reply With Quote
Old 05-29-2015, 10:43 AM   #4
Moderator
rodi's Avatar
 
Join Date: Apr 2012
Location: San Diego
Posts: 8,796
Unfortunately AON (hewitt) is a giant in employee benefits. They provided the interface to my former megacorps pensions, 401ks, etc. I still interface through them for my 2 small frozen pensions that I hope to start taking soon. I have no say on what provider (AON) my former megacorp uses.
__________________
Retired June 2014. No longer an enginerd - now I'm just a nerd.
micro pensions 7%, rental income 18%
rodi is offline   Reply With Quote
Old 05-29-2015, 12:55 PM   #5
Moderator
MBAustin's Avatar
 
Join Date: Jul 2010
Posts: 4,146
Quote:
Originally Posted by rodi View Post
Unfortunately AON (hewitt) is a giant in employee benefits. They provided the interface to my former megacorps pensions, 401ks, etc. I still interface through them for my 2 small frozen pensions that I hope to start taking soon. I have no say on what provider (AON) my former megacorp uses.
Ditto - we're in the same boat.
__________________
"One of the funny things about the stock market is that every time one person buys, another sells, and both think they are astute." William Feather
----------------------------------
ER'd Oct. 2010 at 53. Life is good.
MBAustin is offline   Reply With Quote
Old 06-02-2015, 08:43 AM   #6
Thinks s/he gets paid by the post
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 3,815
Quote:
Originally Posted by MBAustin View Post
Ditto - we're in the same boat.
Even though you have no direct control, it might not hurt to make a post or two on social media, reporting their SSL Labs "grade"... I doubt they like to be viewed as behind the curve, and it's not THAT hard to get this stuff aligned.

Tue, 02 Jun 2015 13:26:54 UTC

1 204.152.238.55
leplb0020.portal.hewitt.com
Grade: C

2 204.152.234.55
leplb0020.portal.hewitt.com
Grade: C

1 204.152.238.22
lb31.resources.hewitt.com
Grade: C

2 204.152.234.22
lb31.resources.hewitt.com
Grade: C
Attached Images
File Type: png Capture.PNG (91.6 KB, 1 views)
__________________
sengsational is offline   Reply With Quote
Old 06-02-2015, 08:59 AM   #7
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 570
I thought I previously reported in this thread that the site is now updated. But I do not see it so I might have done something wrong.

I think the social networking reporting is a good idea. It is one of the reasons I reported it here.
__________________

__________________
davef is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Debt problem or spending problem ? frayne FIRE Related Public Policy 9 03-11-2013 08:00 AM
The “not my problem” mindset is a problem. Midpack Other topics 14 05-01-2012 05:42 PM
Host a website myself or use a image storage website? WanderALot Other topics 18 04-11-2008 04:27 PM
Website loading problem Corporateburnout Other topics 1 10-20-2007 10:52 AM
FI/RE a nice problem to have but still a problem Grizz Hi, I am... 27 06-29-2007 02:29 AM

 

 
All times are GMT -6. The time now is 08:41 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.