Categories
Travel

SIN – DXB – BRU

Emirates. Finally. Been trying so long to fly with them. And in business class. 🙂

1x A380 and 3x B777.

I’ll be around for a few drinks in Belgium !

Categories
Travel

Brussels

I guess I get to post now when flying to Brussels.

Flying SIN to BRU with Lufthansa.

BRU to MAD with Brussels Airlines (which I guess is now Lufthansa too) from 20/10 till 23/10.

BRU to BCN with Brussels Airlines from 27/10 till 31/10.

Leaving the 5th November to SIN again with Lufthansa and returning with Swiss (their brand new b777!) on July 6th.

Also changed blog timezone to Singapore.

Categories
Travel

Surreal

surreal

Grounded flights here.

Categories
Misc

Facebook Safety Check

Never thought I’d ever have to mark myself safe …

fb-safety-check

Categories
Linux Networking Software www

Belgian banks & SSL — part 5

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure.

It’s worthy to note that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple lowered from B to C (see below). But… No more F’s. 🙂

The noteworthy changers:

  • Hello Bank! went from A to B though due to weak DH,
  • Triodos lost their Forward Secrecy,
  • Optima from F to A(-) (and a bunch others from B to A, and higher),
  • A bunch from B to C due to SSLLabs being more severe (see below). Most did solve some of their issues,
  • BKCP is doing a lot wrong.

Edit: Tested wrong AXA domain; updated to A+.

Update 11 Jan 2016: ABK & BvB updated to A.

Note that not supporting TLS 1.2 or supporting RC4 capped sites to grade B about a year ago; it now caps to grade C (aka SSLLabs is more severe).

Grade A

Grade B

Grade C

  • PSA Bank: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
  • beobank: weak DH, no TLS 1.2, RC4 (insecure), no Forward Secrecy, no secure renegotiation.
  • BKCP: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy, weak DH.

Grade D

  • n/a

Grade E

  • n/a

Grade F

  • n/a