Monday, April 2, 2018

It's alive...

You will remember from my previous post that I've been working for the past few months on a bank security related project.

It's now live...

Right now, we're only publishing the Canadian bank positions, but having said that, we've got all the major UK banks being checked and the major US banks too, and the data is pretty educational.  

Wednesday, March 28, 2018

The Digital Banking Security Index

So, if you are a bank or you have a bank account, you are going to want to keep your eyes on these two places for forthcoming announcements:


In a nutshell, the manual checks I used to do on my banks at CIBC and later ScotiaBank have now been automated and now the entire country of Canada has been onboarded.  By checking all the banks with the same tests, and augmenting these tests on a per-bank basis to take into account known vulnerabilities, billboard-style charts have been running off for a few months, and now these billboard-style charts are being made public.

In addition, the big four banks in the USA, UK and Australia were onboarded to allow us to see where Canadian banks sit when compared to foreign banks.  Charts for those countries are in the works as more banks are onboarded.

The website will be up shortly, which has the full chart each month.  Details to follow soon on social media. 

Wednesday, January 10, 2018

The Scotiabank Certificate Problem Revisited In 2018

Regular readers know that I highlighted a problem in 2017 where Scotiabank doesn't check its certificates on its websites.  I spent 10 minutes going back through Scotiabank and checking to see if it's still as bad as it always was, or if it's gotten any better.

Surprisingly, it's gotten worse... like a lot worse.

Modern browsers now block over half the bank from its customers when you try to access it securely.  In this video, I document the atrocious shambles...

Wednesday, January 3, 2018

Porn Site or Banking Site?

Happy New Year.  So having taken off a week for Christmas I'm back to the usual routine of life.  

As regular readers will know, I run two YouTube channels.  One is the personal channel, but the other is a new "niche" channel called "Bonkers Banking" that specifically covers the ridiculous antics I see out of Scotiabank.

The most recent video was a funny quiz, where I took three excerpts posted to the website, and three excerpts posted to the site, and the viewer has to guess which text comes from which website.  

The thing that still gets me about this video is that the bank published the words to make this video even plausible.  Anyway, enough rambling - here it is.


Thursday, December 21, 2017

My Scotiabank Report to the OPCC is submitted.

So, as many people know, I've been communicating with the Office of the Privacy Commissioner of Canada about the ongoing abysmal cybersecurity farce at Scotiabank (codenamed "Project EaglePuff"). 

During a recent communication with that office, I agreed that I would consider possibly documenting some of the evidence behind what I know, to help the government grasp the magnitude of the Scotiabank cybersecurity problem and do my part to protect the general public from what these clowns at the bank are doing. That report was completed and submitted last night. It's 40 pages long, which is longer than I had anticipated.  

As you can guess, being a customer of Scotiabank has long tarnished my view of the organisation. Years of having to fight tooth and nail for a resolution to every single issue means I got tired, and for years have just let stuff slide into the black-hole of customer service oblivion at the bank. 

However, my patience only goes so far.  Years of having the bank continually try to screw me over, and dealing with arrogant people who don't give two hoots eventually got to me.  

When I realised the link between the Visa card leaks, the corporate account leaks, how the cloud was compromised, how I could hand the RCMP the SOA key, and why paying my mortgage is so damn difficult for the bank to fix, I concluded that whilst the bank will probably continue to soldier on in its usual fashion, as one single person I could finally make a difference to help millions of others.

Here's the first page of the synopsis:


Here's the continuing page of the synopsis:


As you can see, it's not exactly a good tone.  However, it does give the Government plenty of ammo regarding foul-ups across three countries, and a multitude of organisations.

This is a two-part operation: the OPCC report to the government is the first part, and is effectively loading gunpowder into the cannon.  Part two (the cannonball) is being organised right now.

Saturday, December 16, 2017

Setting the customer up for failure

New video on the new "Bonkers Banking" channel.  

In this video, we take what the browser manufacturers knew in 2009/2010 and what the IETF knew 5 years ago, and compare that to what the bank still has not done as we head into 2018.

Tuesday, December 12, 2017

New Scotiabank Related YouTube Channel

So, as you can guess by the title, there's a new YouTube channel.

In short, the silliness at Scotiabank is so prolific, it was overrunning my personal vlog channel.  It was clearly going to need its own channel.  So, the first video went up tonight.

So, if you want just the banking stuff, without the kids and other stuff, you now have your own channel.  Click subscribe to keep up to date.