• bunq.me links are blocked at the TU Delft

I am not sure if this is wanted information here. But perhaps it may help. Yesterday I noticed that my friends could not pay a bunq.me link I had sent to them using the eduroam WiFi of the TU Delft. I got a Chrome warning that came up because I was being redirected to the TU Delft phishing page.

I have used the 'self-service' portal of the TU Delft to send a complaint, to which they replied that, and I quote, "criminals use bunq.me links for phishing". It seems they have opened bunq.me links for now. I am unsure if this is just for me or for the entire TU Delft.

I am not sure if anything can be done against this, but I am pretty sure that at least someone might be interested in this. As bunq is a licensed bank in the Netherlands I see no reason for the TU Delft to block them.

Any thoughts on this?

    @Fastjur#150328 I assume not, but did you send the link to their TU Delft email box by any chance? I know that links in (External) incoming mail are filtered by ProofPoint. If they have bunq blacklisted then that could also be a reason. The TU Delft shouldn't just block bunq entirely, do let me know in case the links are blocked again, maybe I can poke some people internally then. 🙂👍

      @Sander#150329 No, I did not. I sent the link using WhatsApp to my friends. The entire domain bunq.me was blocked in the whole of TU Delft. Even when I myself visited the link from my own phone I was getting the phishing warning.

      I will let you know if they start blocking it again. It seems to me that in their line of reasoning we should also ban PayPal, iDEAL and any other form of payments, which seems really odd to me.

        It doesn’t look like the TU Delft blocked the site. It seems like there is something wrong with the configuration.

        This warning will pop up if you open a site where you can input private information like passwords/credit cards/bank accounts and the site isn’t loaded with a correct SSL certificate.

        Please check for whom this SSL certificate is issued.
        Check like this, Number 4:

        https://www.clickssl.net/blog/how-to-fix-err_cert_common_name_invalid-in-chrome

          @Lui#150376 Yeah, so if the TU Delft serves their own certificate when re-routing the request, you get an invalid/mismatching certificate warning. That’s normal and not the result of a misconfiguration. In fact, the browsers are doing exactly what they’re supposed to do.

            @LH-Black-Wolf#150378 Yes, but that’s a misconfiguration on TU Delft site.
            Normally you wouldn’t issue your own certificate for other sites?

            And I don’t think that they actively block this site. Normal site blocking in school is with blacklisting, and showing an error page instead of the normal page.

              @Lui#150379 What do you propose they issue instead, the real certificate for bunq.me? ;) That’s impossible unless they have the private key haha. If it is indeed blocked, the TU Delft server showing a page that the website is blocked accepts TLS connections as they support https with a certificate, the certificate of TU Delft itself. Now in a DNS blacklist, they route bunq.me to their own server. Their server obviously doesn’t have a certificate for bunq.me. So the browser expects a certificate for bunq.me, but gets a certificate from TU Delft instead and errors out.

              That’s not a misconfiguration on any side, it’s simply how that works. So they want to show the error page, but as you’re attempting to connect to https:// you get a mismatching certificate for the domain you’re attempting to visit.

                @LH-Black-Wolf#150383 Okay thx for the explanation👌

                Then could a VPN resolve this problem?

                  @Lui#150388 Yes. Perhaps setting different DNS resolvers on the phone/pc may already solve it, but that depends on how they do it. :)

                    @LH-Black-Wolf#150389 So for the person who asked the question, explicitly setting DNS in network settings to (try Google DNS) 8.8.8.8 or (Cloudflare) 1.1.1.1 could help :)

                      @Lui#150390 Yeah but convincing your friends to do that just to use bunq.me is probably a tough sell :P

                        @LH-Black-Wolf#150391 😂👌
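
An added example, not written by anyone in this thread: a small diagnostic for the situation described above, where a DNS blacklist points a hostname at a block-page server that can only present its own certificate. It compares the campus resolver's answer with a reference resolver's answer and checks the presented certificate names against the requested host. All hostnames, addresses and certificate names are constructed placeholders (`pay.example` stands in for the payment domain), and the result labels are this example's own.

```python
from ipaddress import ip_address


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.example".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def diagnose(host, local_ips, reference_ips, presented_sans) -> str:
    """Classify what a client sees from two resolver answers and the cert SANs.

    ok                          same addresses, certificate names the host
    dns-differs-cert-ok         different addresses but a valid name (e.g. CDN)
    dns-redirect-cert-mismatch  resolver sent us elsewhere and that server
                                shows its own certificate (DNS block page)
    same-ip-cert-mismatch       right address, wrong certificate (in-path
                                interception or a server-side problem)
    """
    local = {ip_address(i) for i in local_ips}
    reference = {ip_address(i) for i in reference_ips}
    redirected = local.isdisjoint(reference)
    name_ok = any(name_matches(s, host) for s in presented_sans)
    if name_ok:
        return "dns-differs-cert-ok" if redirected else "ok"
    if redirected:
        return "dns-redirect-cert-mismatch"
    return "same-ip-cert-mismatch"


# Constructed observations (documentation address ranges, placeholder names).
REFERENCE_IPS = ["198.51.100.7", "198.51.100.8"]
OBSERVATIONS = {
    "campus resolver": (["192.0.2.10"], ["blockpage.university.example"]),
    "reference resolver": (["198.51.100.7"], ["pay.example", "*.pay.example"]),
}

if __name__ == "__main__":
    for label, (ips, sans) in OBSERVATIONS.items():
        print(label, "->", diagnose("pay.example", ips, REFERENCE_IPS, sans))
```
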
