Brussels

I guess I get to post now when flying to Brussels.

Flying SIN to BRU with Lufthansa.

BRU to MAD with Brussels Airlines (which I guess is now Lufthansa too) from 20/10 till 23/10.

BRU to BCN with Brussels Airlines from 27/10 till 31/10.

Leaving the 5th November to SIN again with Lufthansa and returning with Swiss (their brand new b777!) on July 6th.

Also changed blog timezone to Singapore.

Belgian banks & SSL — part 5

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc. that are not (as) secure.

It’s worth noting that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple dropped from B to C (see below). But… No more F’s. 🙂

The noteworthy changers:

  • Hello Bank! went from A to B, though, due to weak DH,
  • Triodos lost their Forward Secrecy,
  • Optima from F to A(-) (and a bunch of others from B to A, and higher),
  • A bunch from B to C due to SSLLabs being more severe (see below). Most did solve some of their issues,
  • BKCP is doing a lot wrong.

Edit: Tested wrong AXA domain; updated to A+.

Update 11 Jan 2016: ABK & BvB updated to A.

Note that not supporting TLS 1.2 or supporting RC4 capped sites to grade B about a year ago; it now caps to grade C (i.e. SSLLabs is more severe).

Grade A

Grade B

Grade C

  • PSA Bank: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
  • beobank: weak DH, no TLS 1.2, RC4 (insecure), no Forward Secrecy, no secure renegotiation.
  • BKCP: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy, weak DH.

Grade D

  • n/a

Grade E

  • n/a

Grade F

  • n/a