Recent JAVA 0-day exploit takes down online banking in Luxembourg

Online banking in Luxembourg can be combined with certificates from LuxTrust to ease login and the electronic signing of banking transactions. LuxTrust delivers the digital certificates on a SIM card to the end user, who is then required to use a specific hardware device and middleware software to use the certificates.

Most banks use a JAVA applet to reach the middleware, which has now proven to be a very serious single point of failure. Mozilla and Google deactivated the JAVA plugins in their browsers on January 12th, 2013, leaving the online banking portals with no access to the LuxTrust Middleware.

ORACLE has announced a patch for the exploit but didn’t announce a release date. LuxTrust users shouldn’t expect a solution within a short time frame and they will need to revert to the proprietary login procedures applied by each bank.

The issue shows how tightly the services provided by LuxTrust and LuxTrust partners are bound to a single piece of software. While the usage of a JAVA applet and the JAVA security features should protect the LuxTrust services, the issue also clearly shows how vulnerable the product becomes in case one element in the production chain becomes compromised.


Changes to the TANGO Blue product

TANGO Blue is TANGO’s counterpart of the EPT LuxFibre. From the start TANGO Blue users received a public IP (compare “No public IP for EPT LuxFibre”). TANGO Blue users weren’t affected by the issues present with LuxFibre. For a while now, TANGO has been offering an IPTV service on the TANGO Blue access. This combination, however, provides the user with only a private IP, giving the TANGO Blue+IPTV users the same disadvantages. Several user reports seem to point to TANGO’s CGN, which seems to have difficulty providing a stable bandwidth; in some cases reports indicate a reduction of bandwidth by ~50%. In case you have issues with your TANGO Blue product you should contact the TANGO helpdesk a.s.a.p.


Marc’s blog is accessible via IPv6

In the early days of October, 2012 I activated IPv6 for the blog. Literally hours later, on October 7, 2012, Luis left a comment on this blog while connected via IPv6.


Bad Facebook, No Cookie For You by Rachel Luxemburg

Recently Facebook has messed with our email addresses on our Facebook profiles. I found this interesting blog post by Rachel Luxemburg worth sharing.


LuxFibre disables alternative VoIP services?

Yes it does, unfortunately.

So why exactly? The short answer is, because the VoIP part of the Fritz!Box is moved to an isolated virtual LAN (VLAN) with no Internet access, so the Fritz!Box VoIP part cannot reach any alternative VoIP services as these are somewhere on the Internet.

But why is this necessary? The LuxFibre product is designed to provide all services over IP. This includes any telephone services (analogue, ISDN) which were previously delivered directly via copper. Telephony over IP cannot

Comments are back

Thanks to Jacques, I have fixed the comments on my blog. The Enmask Captcha Plugin somehow disabled the comment feature. Sorry for that!


Which LuxFiber variant is best for me?

The FTTH/VDSL service has now been available for half a year, but it is still difficult to get complete and correct information about the real setup costs and the eventual downsides of an FTTH connection.

I have been following several LuxFiber related threads on different Social Networks (Facebook, Twitter, Google+ etc) and people seem frustrated by the level of information they can get from the ISP’s sales helpdesk personnel.

Can I have FTTH (fibre) or VDSL (copper)?



FTTH Modems delivered by EPT are faulty

I have received the following fault explanation, originally written by an EPT engineer. The text seems to indicate that the current fiber equipment delivered and installed by EPT has trouble transporting packets of a certain size. In the case of the user who forwarded this message, the fault was most apparent during VoIP calls using the G.711 codec.

The problem was related to an error-correction protocol on the upstream side of the fibre termination equipment. There appears to be a bug in this feature which causes packets of 200-201 bytes in size not to be transmitted correctly (i.e. 80% loss).
Unfortunately, the G711 VoIP protocol you were using generates exactly this packet size and was therefore heavily affected, whereas the other traffic flows and the various tests showed no errors.
Following the on-site intervention of our technician, we were nevertheless able to pin down the problem, and we have therefore disabled the faulty feature on your access while awaiting a bug fix from the equipment vendor.

So in case you are currently using the LuxFibre product and you have quality issues with VoIP applications, you might be affected by this bug. The workaround requires the intervention of an EPT technician.
