Categories
Programming Taiwan

Taiwan Bank SSL Continuous Monitoring

My previous post, titled “SSL status of Taiwanese banks: a sad affair”, sparked a lot of visits and a lot of discussion, clearly touching on something important. It was great to bring to light how well (or badly, in this case) these organizations are doing, as internet security should be one of their key focuses.

Many of the organizations improved their setup since then, and it became quite troublesome to manually check each bank and each change, update the table and so on. It’s also good to have not just a snapshot in time, but a continuous record of how they were doing.

Thus I’ve hacked together some monitoring scripts, put the results online, and here’s the Taiwan Financial Institute SSL Status page.


Page features include:

This is quite a bit more than “minimal features”, but I wanted to make something that is actually useful.

Categories
Computers Taiwan

SSL status of Taiwanese banks: a sad affair

Today there was a story on Hacker News about how someone tweeting a screenshot of a bank’s SSL certificate got harassed by the bank in Greece. This got me thinking about the status of the banks here in Taiwan, especially how this place is so wired and online now. So I took a list of Taiwanese banks and ran each of their sites through the SSL Test. From past experiences I haven’t had my hopes up, but boy is the result ugly…

The usual result of this exercise

SSL Test Overview

I had a list of 43 banks, and for a quick overview I took into account a few key features only. The first is whether there are any active vulnerabilities against the site according to the test (these were mostly CRIME, FREAK, and POODLE attacks). The second is whether RC4 encryption was enabled, as it is now prohibited, and having it on is an automatic Payment Card Industry Data Security (PCI) compliance failure, according to one of the commenters. Various other warnings are mentioned when something really stands out; they are not crucial but more of a nice-to-have (though I’d contend that Forward Secrecy and HTTP Strict Transport Security are more than “nice” for anything financial).

Edit: Since publishing this post, there’s a brand new password recovery attack against RC4, so it’s even more urgent to switch it off.
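The triage described above, sketched as an added example (this is not the author's monitoring code): it sorts scan results into key failures and warnings from the offered cipher suite names and the response headers. The hostnames, the `SAMPLE_SITES` data and the function names are constructed for illustration; CRIME and POODLE detection is out of scope here.

```python
import re

# Constructed sample scan data (hypothetical hosts): cipher suite names as a
# scanner would list them, plus the HTTPS response headers.
SAMPLE_SITES = {
    "bank-a.example": {
        "ciphers": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
        "headers": {"Server": "placeholder"},
    },
    "bank-b.example": {
        "ciphers": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                    "TLS_RSA_WITH_AES_256_CBC_SHA"],
        "headers": {"strict-transport-security":
                    "max-age=31536000; includeSubDomains"},
    },
    "bank-c.example": {
        "ciphers": ["TLS_RSA_EXPORT_WITH_RC4_40_MD5",
                    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"],
        "headers": {"Strict-Transport-Security": "includeSubDomains; max-age=0"},
    },
}

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if absent or malformed."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else None
    return None

def forward_secret(suite):
    """ECDHE/DHE key exchange, or a TLS 1.3 suite (no _WITH_ in its name)."""
    return suite.startswith(("TLS_ECDHE_", "TLS_DHE_")) or "_WITH_" not in suite

def triage(site):
    """Split findings into (key failures, warnings) as the post does."""
    ciphers, failures, warnings = site["ciphers"], [], []
    if any(c.startswith("TLS_RSA_EXPORT_") for c in ciphers):
        failures.append("export-grade RSA suite offered (FREAK exposure)")
    if any("_RC4_" in c for c in ciphers):
        failures.append("RC4 enabled")
    if not any(forward_secret(c) for c in ciphers):
        warnings.append("no forward secrecy")
    if not hsts_max_age(site["headers"]):  # missing, malformed, or max-age=0
        warnings.append("no effective HSTS")
    return failures, warnings

if __name__ == "__main__":
    for host, site in SAMPLE_SITES.items():
        print(host, triage(site))
```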

Categories
Life Thinking

I know less now than I did as a kid

As part of my new-year reflections and resolutions, I’ve looked at how well-rounded a human being I am. How do I look at the things around me, and how are my interests? Are they wide enough, are they deep enough (by whatever metric)? I came to the conclusion that I knew much more as a kid than I know now as an adult, regressed in a lot of areas, and it’s worth taking a look at why that could have happened & what does it really mean? Do I need to be worried about that?

Let’s see some examples of things that occupied the mind of kid-me and now-me…

Kid-me knew more

Dinosaurs & Prehistory

Triceratops

I don’t think there are many kids who were not fascinated by dinosaurs! I had a bunch of books about them, and about other prehistoric creatures. It’s amazing to see life forms that are not found anymore, and also see how they connect to animals living now. It’s a whole different world that is amazing to imagine. This also includes prehistoric people, their ways of living, a much simpler, very different way of being. This put everything into perspective, and I gained an appreciation of looooong times, and change all around us on earth.

Categories
Maker

Solar powered Tibetan prayer wheel circuit

There are all kinds of toys and fun gadgets around the house for most people that might work or be broken, but either way most people wouldn’t know how they work inside. For example, take this solar powered Tibetan prayer wheel. There are many of these out there, and I found one at home lying around as well. It didn’t seem to work, and I thought why not take it apart to take a look?

Solar powered Tibetan prayer wheel

The inside of this Tibetan prayer wheel is pretty straightforward: taking off the bottom cover, out come two ballast stones and a drivebox with a solar panel hanging off it. The drivebox is connected to the prayer wheel outside via a rectangular shaft to turn it.

Categories
Maker Programming

Navspark: Arduino for GPS, GLONASS, and Beidou

I’m very much into satellite navigation as previous projects might show (my IT travel pack, StartupBus tracking, GPS satellite tracking). Because of this I was very excited to see an Indiegogo project for Navspark, an Arduino compatible GPS, GLONASS, and Beidou receiver. I guess everyone knows GPS, GLONASS is the equivalent Russian satellite network, and Beidou is the same for China.

I have signed up to support it for two main reasons: it’s a Taiwanese project (Skytraq, the company behind Navspark, is in Hsinchu city in Taiwan), and I haven’t seen anything about Beidou before.

They barely made the campaign, but it’s not for the lack of quality. There were a lot of updates during the campaign, and afterwards as well, as the project was developing. Those were good behind-the-scenes information, and I got to see what parts of hardware development are more troublesome than others.

The Navspark board

Navspark unboxing: board, antenna, pins

The rewards just shipped this week, and since for this campaign I’m a “local”, I got it pretty early. I got my Navspark GPS/Beidou (BD) version in a big envelope, together with an antenna, some pins and a jumper.