Wednesday, January 10, 2018

The Scotiabank Certificate Problem Revisited In 2018

Regular readers know that I highlighted a problem in 2017 where Scotiabank doesn't check its certificates on it's websites.  I spent 10 minutes going back through Scotiabank and checking to see if it's still as bad as it always was, or if it's gotten any better.  

Surprisingly, it's gotten worse... like a lot worse.

Modern browsers now block over half the bank from it's customers when you try to access it securely.  In this video, I document the atrocious shambles...

Wednesday, January 3, 2018

Porn Site or Banking Site?

Happy New Year.  So having taken off a week for Christmas I'm back to the usual routine of life.  

As regular readers will know, I run two YouTube channel's.  One is the personal channel, but the other is a new "niche" channel called "Bonkers Banking" that specifically covers the ridiculous antics I see out of Scotiabank. 

The most recent video was a funny quiz, where I took three excerpts posted to the website, and three excerpts posted to the site, and the viewer has to guess which text comes from which website.  

The thing that still gets me about this video is that the bank published the words to make this video even plausible.  Anyway, enough rambling - here it is.


Thursday, December 21, 2017

My Scotiabank Report to the OPCC is submitted.

So, as many people know, I've been communicating with the Office of the Privacy Commissioner of Canada about the ongoing abysmal cybersecurity farce at Scotiabank (codenamed "Project EaglePuff"). 

During a recent communication with that office, I agreed that I would consider possibly documenting some of the evidence behind what I know, to help the government grasp the magnitude of the Scotiabank cybersecurity problem and do my part to protect the general public from what these clowns at the bank are doing. That report was completed and submitted last night. It's 40 pages long, which is longer than I had anticipated.  

As you can guess, being a customer of Scotiabank has long tarnished my view of the organisation. Years of having to fight tooth and nail for a resolution to every single issue means I got tired, and for years have just let stuff slide into the black-hole of customer service oblivion at the bank. 

However, my patience only goes so far.  Years of having the bank continually try to screw me over, and dealing with arrogant people who don't give two hoots eventually got to me.  

When I realised the link between the Visa card leaks, the corporate account leaks, how the cloud was compromised, how I could hand the RCMP the SOA key, and why paying my mortgage is so damn difficult for the bank to fix, I concluded that whilst the bank will probably continue to soldier on in it's usual fashion, as one single person I could finally make a difference to help millions of others.

Here's the first page of the synopsis:

Click for bigger

Here's the continuing page of the synopsis:

Click for bigger

As you can see, it's not exactly a good tone.  However, it does give the Government plenty of ammo regarding foul-ups across three countries, and a multitude of organisations.

This is a two part operation; The OPCC report to the government is the first part, and is effectively loading gunpowder into the cannon.  Part two (the cannonball) is being organised right now.

Saturday, December 16, 2017

Setting the customer up for failure

New video on the new "Bonkers Banking" channel.  

In this video, we take what the browser manufacturers knew in 2009/2010 and what the IETF knew 5 years ago, and compare that to what the bank still has not done as we head in to 2018.

Tuesday, December 12, 2017

New Scotiabank Related YouTube Channel

So, as you can guess by the title, there's a new YouTube channel.

In short, the silliness at Scotiabank is so prolific, it was overrunning my personal vlog channel.  It was clearly going to need it's own channel.  So, the first video went up tonight.

So, if you want just the banking stuff, without the kids and other stuff, you now have your own channel.  Click subscribe to keep up to date.  

Israeli Cybersecurity To Save Scotiabank?

Apparently, a company that can't secure their own Wordpress site are going to be the saviour of Scotiabank's cybersecurity.

Also, I've had a long chat with the Canadian Government...

Friday, December 8, 2017

I bought a Christmas Octopus at Starbucks

In this vlog, I talk about my trip to Starbucks and how I bought a Christmas Octopus there.