pavelmachek (pavelmachek) wrote,

mbank.cz: bank that gets ssl wrong

Just try it. mbank.cz is widely advertised as mbank.cz... Actually I did not find any other URL in the documents I got from them. Now go to https://mbank.cz/, and what you get is:

This is probably not the site you are looking for!
You attempted to reach www.mbank.cz, but instead you actually reached a server identifying itself as ssl.mbank.com.pl. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.mbank.cz. You should not proceed.

Right url to reach mbank is probably https://cz.mbank.eu/. Oh, site certificate is on "BRE bank", but as far as I can tell, it is right bank. Trust me on it. You have no other way to verify it.

  • Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments