3:21 pm
February 4, 2017
Hi all. Nice to find this forum. I've been looking around a bit and lots of info to digest.
I've been looking around for deals on GICs and savings accounts. Cannex.com has been very helpful.
I see some decent deals from little unknown (to me) credit unions. My first chore was to test site security at ssllabs.com. Results were mixed on the few I checked.
Hubert was the first to draw my interest. Yesterday they got a poor ssl report. I emailed them about it. Never heard back. Today they are receiving an A.
Alterna rated an A today but will be downgraded to C this month if updates are not applied.
Peoples Trust was a strange one. They do not implement ssl throughout the site. I had trouble running the ssllabs test. I did manage to run the test on their login address and it reported an A.
Hubert, Outlook Financial, and Steinbach Credit Union reported solid A.
Oaken and Achieva got B.
That's as far as I got. One needs to know the online bank they deal with is secure. Good idea to run your own tests at ssllabs.com. A+ is a possible score but I've rarely run across it.
1:16 am
October 21, 2013
7:39 am
January 4, 2015
Like all software products, there are constantly new flaws discovered. TLS/SSL is no exception. Today it can be very difficult to perfectly configure website security; a small change can have a large effect. And tomorrow a new flaw might be discovered that requires another change. Keeping on top of this can be very difficult. ssllabs.com has done wonders to increase awareness, keep track of flaws and weaknesses and point people in the right direction to improving security. Keep in mind that a lower score does not mean a site is insecure. There are often very valid reasons for TLS configurations that produce lower scores, such as supporting an older web browser that many people still use.
9:42 am
April 6, 2013
Also, some of the vulnerabilities tested for don't really apply to online banking.
The example of Alterna Bank rated A now and C in a month is because their site allows triple DES encryption, a cipher that has a 64-bit block size. That makes their site hypothetically vulnerable to a Sweet32 attack.
However, a Sweet32 attack requires about 785 GB of traffic in one single session. That much data over a high-speed 10 Mbit/sec Internet connection would take at least 7½ days to transfer!
To be vulnerable, someone would have to sign into online banking, stay signed into the same session for at least 7½ days, and have downloaded the equivalent of 190 DVD movies worth of data in that same session.
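An added example, not part of the original posts: one way to spot the 64-bit block ciphers behind the Sweet32 downgrade in a list of cipher suite names, and to compute the birthday bound (2^(n/2) blocks for an n-bit block) that makes block size matter. The suite list is constructed sample data and the function names are hypothetical.

```python
import re

# Block size in bits for block ciphers named in TLS suite strings.
# Stream ciphers (RC4, ChaCha20) have no block size and are not listed.
_BLOCK_BITS = {"3DES": 64, "DES": 64, "IDEA": 64, "RC2": 64,
               "AES": 128, "CAMELLIA": 128, "ARIA": 128, "SEED": 128}

def block_bits(suite):
    """Block size of the suite's cipher, or None for stream/unknown ciphers."""
    for token in re.split(r"[-_]", suite.upper()):
        # Try the token as written, then without a trailing key length
        # (OpenSSL style: AES128 -> AES, CAMELLIA256 -> CAMELLIA).
        for name in (token, re.sub(r"\d+$", "", token)):
            if name in _BLOCK_BITS:
                return _BLOCK_BITS[name]
    return None

def birthday_bound_bytes(bits):
    """Data under one key after which block collisions become likely."""
    return 2 ** (bits // 2) * (bits // 8)

def sweet32_candidates(suites):
    """Suites whose cipher has a 64-bit block (what Sweet32 targets)."""
    return [s for s in suites if block_bits(s) == 64]

# Constructed sample: a mix of OpenSSL-style and IANA-style suite names.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-DES-CBC3-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
]

if __name__ == "__main__":
    for suite in sweet32_candidates(SAMPLE_SUITES):
        gib = birthday_bound_bytes(64) / 2 ** 30
        print(f"{suite}: 64-bit block, collisions likely after ~{gib:.0f} GiB per key")
    # For comparison, a 128-bit block cipher such as AES:
    print(f"128-bit block bound: {birthday_bound_bytes(128) / 2 ** 60:.0f} EiB")
```
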
1:57 pm
February 4, 2017
Good info Norman1 and ertyu. Thanks.
I'm not up on the technical end of things by any means. All I have to go on is the score posted. At one time, I thought the padlock or https was good enough but it's more complex than that.
I would also like to see banks, credit unions, etc. use 2FA.
I have been using a pay-for VPN service in recent years and that has proven well worth the money.
7:33 pm
October 21, 2013
12:41 pm
February 4, 2017
Loonie said
So, is there any advice for those of us who don't have a clue?
You should check the websites you deal with for security. Use an up-to-date browser.
Go to ssllabs.com. Copy the address of the site you want to check to their input box. The test will run. It may take a few minutes. Your email service is a good one to check first. Most return an A and rarely an A+.
You want to make sure your private data is secure.
8:25 pm
October 21, 2013
6:17 pm
February 4, 2017
The ratings should not change if the tech department of said business keeps up with upgrades. My general rule is A is safe. Anything less is not acceptable to me. Good idea to run these tests occasionally for your own protection.
I'm not savvy enough to make sense of the technical aspects regarding ssl.
10:49 am
March 19, 2017
To be clear, mmit, do you go to this site:
https://www.trustworthyinternet.org/ssl-pulse/
Then enter the web address from the online banking page?
HERE ARE SOME RATINGS.....
PEOPLES TRUST: A
https://www6.memberdirect.net/brand/bc_peoplestrust/OnlineBanking/Accounts/
OUTLOOK FINANCIAL: A
https://www6.memberdirect.net/brand/celero_outlook/OnlineBanking/Accounts/
Both Peoples and Outlook use the same outsourced online banking solutions provider called Member Direct. That is why the online experience appears very similar… https://www.central1.com/digital-payments/direct-banking-solutions
IMPLICITY: A
https://www.implicity.ca/OnlineBanking/
HUBERT: A
https://secure.happysavings.ca
ACHIEVA: B
online.cambrian.mb.ca
OAKEN: B
https://online.oaken.com/cb/pages/jsp-ns/login-cons.jsp
ROYAL BANK: Domain name is too large (param d) - GOT THIS ERROR MESSAGE
https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH&_ga=1.25809848.403504681.1491154207
SCOTIABANK: A-
https://www2.scotiaonline.scotiabank.com/online/authentication/authentication.bns
TD CANADA TRUST: A
https://easyweb.td.com/waw/idp/login.htm?execution=e1s1
12:03 pm
March 19, 2017
I'm going to open an account with Alterna one of these days... they are rated A today and C in the near future... I suppose the threat of hacking has become so pervasive the IT geniuses have to build a virtual Fort Knox daily.
https://blog.qualys.com/ssllabs/2017/01/18/ssl-labs-grading-changes-january-2017
Interesting article on credit unions getting in the banking (CDIC insured) game... http://www.theglobeandmail.com.....e32587351/