Problem with site certificate

Tue Dec 2 13:31:20 UTC 2008

2008/12/2 Jason Crain <jason at bluetree.ath.cx>:
> On Tue, December 2, 2008 3:12 am, Ray Parrish wrote:
>> I just tried to access my US Bank online account's Bill Pay page, and it
>> returns the following error message -
>>
>> billpay.usbank.com uses an invalid security certificate.
>>
>> The certificate is not trusted because it is self signed.
>> The certificate is only valid for <a id="cert_domain_link"
>> title="localhost.localdomain">localhost.localdomain</a>
>> (Error code: sec_error_untrusted_issuer)
>
> I get an error in IE also.  You can click the "Add an exception..." link
> at the bottom of the error page, but I would be wary of using a bank that
> has this kind of security issues.  Call and tell them you get an error
> message.
>

Note that when you speak to the bank, be ready for the "we don't
support Firefox" line. Then inform them that it is not a Firefox
issue, but rather the problem lies in the fact that the bank is using
a self-signed certificate, which is fundamentally insecure (think man
in the middle attack). When the drone does not understand "your" issue
you must insist that it is not "your" issue and that is is the bank's
issue. The bank must either fix the problem or you will report them to
FINRA and SIPC. Both these organizations (and your bank should be a
member of both) forbid the lax attitude that your bank is displaying.

Don't forget to mention that you use Ubuntu! Always a good opportunity
to spread awareness, even to the drone on the other end of the phone.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه‍-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü