Banking website refuses connection from FreeBSD

phalange nope. Incompetence. They are basing their page code on the operating system but browsers don't follow operating system code. They have their own standards. Why would one make their page display differently or at all based on O S?
Stupidity on display
 

SirDice

Administrator
Staff member
Administrator
Moderator
It would make sense to check the OS if they used a plugin that only works on Windows, MacOS and Linux. But even then it's not very useful to look at the User-Agent string.
 

obsigna

Profile disabled
Some banks here in Brazil utilize a module which is called Warsaw, that needs to be installed on the local computer. This technology belonged to Diebold but seems to have been taken over by the Stefanini Group:

https://stefanini.com/en/solutions/products/topaz

I would not buy a used car from them, but seems that Banco do Brasil and Caixa Economica trust them to the extend of deploying the Topaz module for their security solutions. This modules are available for Windows, Mac and Linux. I analysed what it does on the Mac.

In Portuguese language: https://obsigna.com/articles/1487785556.html
In English by the Bing-Translator: https://www.microsofttranslator.com...=https://obsigna.com/articles/1487785556.html

It installs a local self-signed X.509 CA certificate, and a service which listens on 127.0.0.1. On connecting the bank, the local service provides said certificate to the web application for the obvious purpose of authenticating the client’s computer with the bank’s server.

Probably this kind of solution, that is limited to said OS's, is not only used by Banks in Brazil.
 

obsigna

Profile disabled
What is wrong with a self-signed certificate or a service which listens on a non-routable IP-address ?
Nothing, besides that this security solution is not available for FreeBSD 😜

PS: Of course we want this only be installed by a trusted site on our systems. Who guarantees that this service which runs as root on the Mac does only submit the certificate via the web application to the other end. It could well submit any document of my computer as well.
 
FWIW, in the US, Intuit has a central service (and a few datacenters around the country) that acts as proxy between you and the banks. It used to be free until a little over a year ago. I spent a few months trying to make GnuCash work instead of Quicken, but that was a no go. Browsers and phone apps are all that's left for me. At least in my case, the bank doesn't care what I use, filtering is based on IP and MAC address.
 
I thought I was having a problem like this from trying to access my email from my computer. Then, later I couldn't get into FreeBSD forums, so I thought, this wasn't a similar problem.

I upgraded GNUTLS, and the forums worked. Then, I upgraded NSS and I could access my email. I had a similar problem from when I needed to upgrade an encryption dependency for OMEMO to work on XMPP. With the latest issues of a browser or application, this has happened, because of an outdated dependency. This may not be the problem you're having, but it will help with many similar problems.

Edits: then, my email stopped working again.

A lot of bots have an irregular internet client. FreeBSD isn't well known, so maybe it gets caught in the filter with that.
 
Top