Belgium

Belgian banks & SSL — part 5

18 Dec 2015 · linux, networking, software, www

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure.

It’s worthy to note that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple lowered from B to C (see below). But… No more F’s. :)

Europe

15 Nov 2015 · misc

Belgian bank & SSL slashdot effect

28 Feb 2015 · misc

Quick wrap up of the slashdot effect 10 days ago.

A peak of 12k views on Monday 16/02, with a small buildup on Sunday (15/02).

The top pages were Part 3, Part 1, Part 4 and Part 2 respectively.

De Redactie is the highest referrer, surpassing De Morgen (first to publish in printed media, front page) & Datanews (first to publish online):

Second highest, after Twitter (t.co), was Tweakers (Dutch website, oddly enough).

OS wise, about 60% is Windows, 12% of OSX and 10% of iOS; 79% desktop, 15% phones, 6% tablets. Way more mobile than I expected to be honest.

Belgian banks & SSL — part 4

16 Feb 2015 · linux, misc, networking, software, www

Because of the mediastorm it’s time for an update. The previous (1, 2, 3) blog posts are outdated!

I’ll do my usual slashdot-effect post in a couple of days (it’s already at 10k views today).

Banks that changed rank since last post (all for the better):

16/02/2015:
- Keytrade: B to A
- Hello Bank!: C to A
- ING: F to A-
- Record Bank: F to A-
17/02/2015:
- ABK: F to B
- Bank Van Breda: C to B
18/02/2015:
- MeDirect: F to A
- Added 6 new (small) banks
27/02/2015
- Ogone: C to A-
02/03/2015
- Fortuneo: C to B
03/03/2015
- Crelan: B to A

I cannot test Europabank using SSL Labs. I can only speculate they requested SSL Labs to not scan them. I have also added a couple new banks (Delta Lloyd, Deutsche Bank, Moneyou, Fortuneo, BKCP, Binck, and Isabel as bank tool).

Belgian banks & SSL — part 3

15 Feb 2015 · linux, misc, networking, software, windows, www

EDIT: ING is now A- (not reflected in this blog post). EDIT 2: Keytrade & Hello Bank also went to A. I’ll post a new blog post later tonight. EDIT 3: Updated post here.

Part three, or how I single-handedly “fixed” SSL at the Belgian banks. ;)

Part one and two are available here. Not related but useful nonetheless NY Times article about bank hackers.

Argenta promised to fix their SSL, so it’s the time to check everything again.

Belgian banks & SSL -- part 2

1 Feb 2015 · linux, misc, networking, software, windows, www

I previously wrote about Belgian banks & SSL. Updated version (15/02/2015) here.

Going through my Google Analytics I noticed some noteworthy network domains, which Google discribes as “The fully qualified domain names of your visitors’ Internet service providers (ISPs)”.