Difference between revisions of "Homebanking"

From LiluxWiki
Jump to navigationJump to search
 
(2 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
It may contain both technical workarounds (use specific browser, manipulate user agent, ...) and
 
It may contain both technical workarounds (use specific browser, manipulate user agent, ...) and
 
political actions (letter writing campaigns, ...)
 
political actions (letter writing campaigns, ...)
 +
 +
Also see [[Luxtrust|Luxtrust support]] for current (2012) news about Luxtrust support of various banks.
  
 
Please put the dates when you change the state of some information.
 
Please put the dates when you change the state of some information.
Line 20: Line 22:
 
* Raiffeisen : works flawlessly
 
* Raiffeisen : works flawlessly
  
Starting from the 17th November 2008, [https://www.luxtrust.lu LuxTrust] is used by Dexia, Spuerkeess, CCP and Fortis to protect their web banking site. Linux is officially supported and packages are available (libgemsafe) on their website.
+
Starting from the 17th November 2008, [https://www.luxtrust.lu LuxTrust] is used by Dexia, Spuerkeess, CCP and Fortis to protect their web banking site. Linux is officially supported (theoretically) and packages are available (libgemsafe/libgclib.so) on their website. However, no sources are supplied, but only an i386 binary. Tough luck if you've got a different processor (amd64, powerpc, alpha, sparc ...).
 +
 
 +
Moreover, many banks don't access the PKCS#11 through the browser interface, nor do they use [http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html Sun's PKCS#11 API]. Instead, they try to access it directly, sometimes by having a i386 binary embedded (SigningLibrary.so) in their applets that they drop into /tmp and then call via JNI. So even if Luxtrust supplied a 64 bit libgclib.so, most banks still wouldn't work due to this dodgy programming technique.
 +
 
 +
The only bank known to work with Luxtrust so far is CCP
 +
* Dexia: doesn't work (details still need to be worked out) / works with Token but requires Java
 +
* Spuerkees: doesn't work, displays generic error message. Attempts to load libgclib.so , but only looks for it in the system library path. This issue may be fixed by adding /usr/lib/pkcs11 to /etc/ld.so.conf.d , then loading succeeds, but connection still fails with same message.
 +
* CCP: works on an i386 processor (or on an amd64 running in 32 bit compatibility mode). Maps /usr/lib/pkcs11/libgclib.so module via SigningLibrary.so that it drops into /tmp as interface12345.so .
 +
* BGL: application not yet ready
 +
* ING: according to unconfirmed rumors, ING withdrew their Luxtrust support over security concerns
  
 
-----
 
-----
 
* sous [[Presse]], nouveau CP : [[CPBanquesJuin2004]]
 
* sous [[Presse]], nouveau CP : [[CPBanquesJuin2004]]

Latest revision as of 21:32, 13 June 2012

This page is to discuss about Linux & Homebanking. It may contain both technical workarounds (use specific browser, manipulate user agent, ...) and political actions (letter writing campaigns, ...)

Also see Luxtrust support for current (2012) news about Luxtrust support of various banks.

Please put the dates when you change the state of some information.

  • BglHomebanking : works with Firefox 1.0x on all platforms. Other browsers (such as Safari) are usable with minor tweak to remove a browser check. A pre-prepared login page with the browser check removed may be found here. Does not work with Firefox 1.5 (BGL is now called Fortis)
  • Fortis : works with Firefox on all platforms. Other browsers (such as Safari) are usable without any tweak. (Since the 2008 Krach, Fortis has be bought by BNP Paribas and should be renamed BNP-BGL / November 2008)
  • Dexia-Bil : On 1 March 2005, Dexia-Bil states in a private email that "la nouvelle sécurité de dexiaplus est compatible avec tous les systèmes d'exploitation (Windows, MacOS, Linux,...) et avec tous les navigateurs utilisant le SSL 128 bits ( pour exemple: Internet Explorer, Mozilla Firefox, Safari, Konqueror,....)."

Update (30/03/2005): Their new system now works perfectly with other browsers than MSIE (tested with Firefox 1.0.1 and Safari so far).

  • CCP : works flawlessly
  • Spuerkees : works flawlessly
  • ING According to www.ing.lu on 2 March 2005, ING supports "Windows / Mac / Linux; Internet Explorer, Safari ou Mozilla" since october 2004.
  • AXA / banque Ippa june 2004 : officially supports only MSIE and refuses to acknowledge the existence of others such as Macintosh or Linux
  • BL] (Banque de Luxembourg): only supports MSIE, no MAC, no GNU/Linux (didn't do any further inquiries however). Question: can anybody who has an account with them check whether the [[workaround for Fundmarket] also work for BL (they are the same company).

Update (20/09/2006): the technical support of Banque de Luxembourg stated in a telephone call that they are now supporting Firefox 1.5.x on all platforms with and without client certificate and Safari without client certificate. They left the browser check, so Opera is still not supported. (this should also be true for the FundMarket site - testing required..)

  • FundMarket: related to Banque de Luxembourg (a subsidiary of BL, use the same software?). Only accepts MSIE (and apparently Firefox on Macintosh?). They are willing to change though, if they get many calls: (+352) 26 20 26 30 (Monday to Friday from 7h30 to 18h00, or Saturday from 9h00 to 13h00). There is also an online form available where you may request to be called back. Service may be tested even by those who don't have an account by just looking at the graphs for their "colored" mutual funds (left hand side of their main page, "Accès direct" selector). Symptoms are: java applet window comes up, but stays white, while a single 0 is printed to the Java Console. The LLL Web Banking Site has a workaround.

The workaround involves a special URL to bypass their MS JavaVM/VBScript check, and recommends changing the browser's HTTP_USER_AGENT string to bypass a second check based on that!

  • Raiffeisen : works flawlessly

Starting from the 17th November 2008, LuxTrust is used by Dexia, Spuerkeess, CCP and Fortis to protect their web banking site. Linux is officially supported (theoretically) and packages are available (libgemsafe/libgclib.so) on their website. However, no sources are supplied, but only an i386 binary. Tough luck if you've got a different processor (amd64, powerpc, alpha, sparc ...).

Moreover, many banks don't access the PKCS#11 through the browser interface, nor do they use Sun's PKCS#11 API. Instead, they try to access it directly, sometimes by having a i386 binary embedded (SigningLibrary.so) in their applets that they drop into /tmp and then call via JNI. So even if Luxtrust supplied a 64 bit libgclib.so, most banks still wouldn't work due to this dodgy programming technique.

The only bank known to work with Luxtrust so far is CCP

  • Dexia: doesn't work (details still need to be worked out) / works with Token but requires Java
  • Spuerkees: doesn't work, displays generic error message. Attempts to load libgclib.so , but only looks for it in the system library path. This issue may be fixed by adding /usr/lib/pkcs11 to /etc/ld.so.conf.d , then loading succeeds, but connection still fails with same message.
  • CCP: works on an i386 processor (or on an amd64 running in 32 bit compatibility mode). Maps /usr/lib/pkcs11/libgclib.so module via SigningLibrary.so that it drops into /tmp as interface12345.so .
  • BGL: application not yet ready
  • ING: according to unconfirmed rumors, ING withdrew their Luxtrust support over security concerns