Banking website refuses connection from FreeBSD

drhowarddrfine

phalange nope. Incompetence. They are basing their page code on the operating system but browsers don't follow operating system code. They have their own standards. Why would one make their page display differently or at all based on OS?
Stupidity on display.
 

SirDice

It would make sense to check the OS if they used a plugin that only works on Windows, MacOS and Linux. But even then it's not very useful to look at the User-Agent string.
 

obsigna

Some banks here in Brazil utilize a module which is called Warsaw, that needs to be installed on the local computer. This technology belonged to Diebold but seems to have been taken over by the Stefanini Group:

https://stefanini.com/en/solutions/products/topaz

I would not buy a used car from them, but it seems that Banco do Brasil and Caixa Economica trust them to the extent of deploying the Topaz module for their security solutions. These modules are available for Windows, Mac and Linux. I analysed what it does on the Mac.

In Portuguese language: https://obsigna.com/articles/1487785556.html
In English by the Bing-Translator: https://www.microsofttranslator.com...=https://obsigna.com/articles/1487785556.html

It installs a local self-signed X.509 CA certificate, and a service which listens on 127.0.0.1. On connecting to the bank, the local service provides said certificate to the web application for the obvious purpose of authenticating the client’s computer with the bank’s server.

Probably this kind of solution, which is limited to said OSes, is not only used by banks in Brazil.
 

Alain De Vos

What is wrong with a self-signed certificate or a service which listens on a non-routable IP-address?
 

obsigna

What is wrong with a self-signed certificate or a service which listens on a non-routable IP-address?
Nothing, besides that this security solution is not available for FreeBSD 😜

PS: Of course we want this only to be installed by a trusted site on our systems. Who guarantees that this service, which runs as root on the Mac, only submits the certificate via the web application to the other end? It could well submit any document on my computer as well.
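
An added example, not part of the thread or of any vendor's code: one way to audit a machine for the kind of root-owned helper described in the two posts above, which listens only on the loopback interface. It parses output in the column layout of `lsof -nP -iTCP -sTCP:LISTEN`; the sample rows, process names, PIDs and ports are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `lsof -nP -iTCP -sTCP:LISTEN`;
# process names, PIDs and ports are invented for illustration.
SAMPLE = """\
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
helperd   412 root  5u  IPv4 0x1a2b 0t0      TCP  127.0.0.1:30900 (LISTEN)
sshd       98 root  3u  IPv4 0x1a2c 0t0      TCP  *:22 (LISTEN)
cupsd     301 root  6u  IPv6 0x1a2d 0t0      TCP  [::1]:631 (LISTEN)
devserver 777 alice 21u IPv4 0x1a2e 0t0      TCP  127.0.0.1:3000 (LISTEN)
"""

def parse_listeners(text):
    """Yield (command, pid, user, host, port) for each LISTEN row."""
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[-1] != "(LISTEN)":
            continue
        host, _, port = f[8].rpartition(":")    # NAME column, e.g. [::1]:631
        yield f[0], int(f[1]), f[2], host.strip("[]"), int(port)

def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; '*' (all interfaces) is not loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def root_loopback_listeners(text, allow=()):
    """Root-owned services bound to loopback only, such as a local helper
    that a web page talks to. `allow` names commands already vetted."""
    return [(cmd, pid, host, port)
            for cmd, pid, user, host, port in parse_listeners(text)
            if user == "root" and is_loopback(host) and cmd not in allow]

if __name__ == "__main__":
    for cmd, pid, host, port in root_loopback_listeners(SAMPLE, allow={"cupsd"}):
        print(f"review: {cmd} (pid {pid}) runs as root, listens on {host}:{port}")
```
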
 

astyle

FWIW, in the US, Intuit has a central service (and a few datacenters around the country) that acts as proxy between you and the banks. It used to be free until a little over a year ago. I spent a few months trying to make GnuCash work instead of Quicken, but that was a no go. Browsers and phone apps are all that's left for me. At least in my case, the bank doesn't care what I use, filtering is based on IP and MAC address.
 

sidetone

I thought I was having a problem like this from trying to access my email from my computer. Then, later I couldn't get into FreeBSD forums, so I thought, this wasn't a similar problem.

I upgraded GnuTLS, and the forums worked. Then, I upgraded NSS and I could access my email. I had a similar problem from when I needed to upgrade an encryption dependency for OMEMO to work on XMPP. With the latest issues of a browser or application, this has happened, because of an outdated dependency. This may not be the problem you're having, but it will help with many similar problems.

Edits: then, my email stopped working again.

A lot of bots have an irregular internet client. FreeBSD isn't well known, so maybe it gets caught in the filter with that.
 