Skip to main content

TD Canada Trust and Online Security


For the past few weeks I've been unable to access the TDEasyweb site. Today I discovered that it's because "TD made a corporate decision to only support Windows and Mac".

I have a few problems with this. Personally, it's a hassle because I can no longer use their easyweb site unless I go borrow someone else's computer. This seems like an anti-security measure. It's extra insult because of the way it was not communicated responsibly.

I have a bigger problem because the response I got when I talked to a manager was that the only way of dealing with it was to write to a customer feedback email address. And the reality is, if not enough people complain, then they won't do anything about it. Basically, treating my issue as one of personal preference, rather than one of technical choices and security.

But on-line security is not at all a matter of personal preference. If a majority of users decided they didn't want as many security precautions as they've got, then would that mean you should remove them? I don't think so, and I don't think anyone else does either, but that might be what you'd get if you held a vote.

To add insult to injury: people don't use Windows just because "they prefer it". Most people's technical choices are governed by a much more complicated ecosystem of supply and capitalism and monopolies and corporate choices and evolving technologies.  And Windows computers are responsible for most of the worlds security issues - for lots of reasons. So TD's decision is reinforcing the serious internet security issue that we already have.

More specific to this issue - what actually happens when I try to use their system is that I get a "Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data." So that means, in implementing their new 'security' measure (presumably as a result of the Denial of Service attacks last month), I'd guess they have decided to filter incoming requests based on the user agent, and to only accept those that are in their "support" options. This sort of makes sense because it excludes old Windows IE users, which it should, but it's a terrible way to solve their problem, which it doesn't, because that's only a small part of the problem.

[Update later today: I've had no reply from TD, but a simple experiment shows me that my guess above was correct, i.e. they're filtering the incoming traffic based on the user agent string. I used the standard development tool with Chrome to use the IE9 user string, and voila, it connects. So my personal problem is easily fixed this way, and anyone else who's using a 'non-supported' platform. I'm really not impressed ..]

TD Bank Technical Department: I have written to you, please reply.

Popular posts from this blog

Me and varnish win against a DDOS attack.

This past month one of my servers experienced her first DDOS - a distributed denial of service attack. A denial of service attack (or DOS) just means an attempt to shut down an internet-based service by overwhelming it with requests. A simple DOS attack is usually relatively easy to deal with using the standard linux firewall called iptables.  The way iptables works is by filtering the traffic based on the incoming request source (i.e., the IP of the attacking machine). The attacking machine's IP can be added into your custom ip tables 'blacklist' to block all traffic from it, and it's quite scalable so the only thing that can be overwhelmed is your actual internet connection, which is hard to do.

The reason a distributed DOS is harder is because the attack is distributed from multiple machines. I first noticed an increase in my traffic about a day after it had started - it wasn't slowing down my machine, but it did show up as a spike in traffic. I quickly saw that…

Confused by online payment processing? You're not alone.

In the old days during "polite" conversation, it was considered rude to talk about sex, politics, religion and money. You might think we're done with taboos, we're not (and I'll leave Steven Pinker to make the general argument about that, as he does so well in The Better Angels of Our Nature).

The taboo I'm wrestling with is about money - not how much you make, but about online payment processing, how it works, and what it costs. In this case, I think the taboo exists mainly because of the stakes at hand (i.e. lots of money) and the fact that most of those who are involved don't get much out of explaining how it really works - i.e. the more nuanced communications are overwhelmed by sales-driven messaging, and the nuanced stuff is either proprietary secrets or likely to get slapped down by the sales department.

In other words, if you want to really understand about online payment processing because you want to decide between one system and another, you'…

drupal, engagement, mailing lists, email

I lived, worked and studied in Costa Rica from 1984 to 1989. Ostensibly, I was there to study Mathematics at the University, and indeed I graduated with an MSc. in Mathematics supervised by Ricardo Estrada (check that page, he even advertises me as one of his past students). And yes, I do have a nine page thesis that I wrote and defended in Spanish somewhere in my files, on a proof and extension of one of Ramanujan's theories. But mathematics is a pretty lonely endeavour, and what drew me back to Central America (after the first visit, which was more of an accident), was the life and politics. The time I lived there was extremely interesting (for me as an outsider, though also painful and tragic for it's inhabitants) because of the various wars that were largely fuelled by US regional hegemonic interests (of the usual corporate suspects and individuals) and neglect (of the politicians and public) - the Contra war in Nicaragua, the full-scale guerrilla wars in El Salvador and …