Third Party Javascript
So a bank is using 3rd party javascript on their site?
Sounds like a recipe for disaster.
Parent firm Santander is reassuring customers that the website of its banking subsidiary Alliance & Leicester is secure despite the presence of JavaScript on its login pages served up from recently created sites of unknown provenance. Reg reader Matt Freeman said he was prompted with a SSL certificate warning from a domain …
As a Santander customer who can only access my accounts by entering via the A & L web site (though no longer have an A & L account) I can say that from personal experience Santander have not a clue about who their customers are, what they want, or dare I say it why they should even think of trying to access their own money.
The only way I got some of my own money out of them was to keep going through the massed ranks of plonkers till one finally understood that they had set the whole thing up completely wrongly.
No longer the Abbey Habit, now simply Spanish Practices.
Unfortunately it is increasingly difficult to find a real bank.
Some day, I fear, the great Santander system will swallow cahoot too - the only part of their Empire which still has real working systems and real people to resolve issues rather than compound them.
When I bank at JP Morgan Chase, their website tries to go to doubleclick.com, which I have thoroughly blocked at three levels: my firewall, my hosts file, and AdBlock+.
And since they've recently bought 3 failed banks, I'm sure they have no idea who their customers are. I signed up for their credit card 8 months ago, and yesterday I got no fewer than 3 applications for the same card in my snail mail.
Online banking is indeed a fad, surprised anybody would want to use it. I also find using that plastic cash a needless encumberment, too! And don't get me started on this paper-and-metal-coins malarkey, either.
For me it's pig iron ingots all the way, and animal hides for the change.
Let's compare apples with apples eh?
1. If you use a card, then in many petrol stations now you can pay at the pump, thereby avoiding having to go into the booth, and join a hideously long queue at all.
2. If you go into the booth to pay (and there's no queue), then it might be slightly quicker (takes me about 10-15 seconds), but you will have had to take the time and had the foresight to go to the bank/ATM first, in order to have that cash in your pocket in the first place, and how much longer does that take? 5 - 20 minutes?
So 5 minutes to save maybe 10 seconds. Bravo!
That is unless you walk about with your wallet perpetually full of cash, in which case, you've got some balls on you - or too much money :-)
Personally I despise people who go to a pay-at-the-pump station, then dawdle off to the booth (and the queue) to pay, and I'm sat, finished and paid up, at the pump behind waiting to get out because they either didn't pull in close enough to the pump so I could get out, or the station is too narrow.
Grrrr!
I've too much money
B: I do walk with my wallet stuffed with cash (lopsided)
C: I live in a crime-free area
D: What's it to you?
E: I pay at the pump anyway since I get cash-back on my credit card
F: I always use Internet banking (with 20-digit passwords)
G: If I went to the booth I'd use credit card (see E)
... Block Javascript, and the Rapport nags (irrelevant to me since I use an incompatible and significantly-less-vulnerable-to-start-with browser) will quietly vanish. The only downsides are that the PIN box doesn't auto-focus any more and the quick payment sidebar item doesn't do anything.
Of course, the Abbey features may be slightly different in the first place, but you get the idea.
Someone else has clued up to what's happening here.
Most UK financial / media sites send stuff to third parties for 'analysis'.
Not only that, it happens within the SSL bit, i.e. when you have logged on.
Here is my log of the last 24hrs, of the organisations I block:
Now the organisations will not tell you what they send as it's commercially sensitive, but it's all legal!!
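An added example, not part of the comment above and not any bank's code: a defender-side audit that lists which resources on a login page are fetched from outside the first-party domain, and whether third-party scripts are pinned with a Subresource Integrity attribute. The page markup, host names and first-party set are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src attribute makes the browser fetch a URL as the page loads.
LOADERS = ("script", "iframe", "img")

# Constructed login page; every host name here is a placeholder.
PAGE_URL = "https://www.bank.example/login"
FIRST_PARTY = {"bank.example"}
SAMPLE_LOGIN_PAGE = """
<script src="/js/login.js"></script>
<script src="https://static.bank.example/js/pin.js"></script>
<script src="//stats.metrics.example/tag.js"></script>
<script src="https://cdn.widgets.example/lib.js" integrity="sha384-CONSTRUCTED"></script>
<img src="http://pixel.metrics.example/p.gif?page=login">
<form action="/login" method="post"><input name="pin"></form>
"""

class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []  # (tag, absolute URL, has integrity attribute)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in LOADERS and attrs.get("src"):
            url = urljoin(self.page_url, attrs["src"])  # resolves /path and //host forms
            self.resources.append((tag, url, "integrity" in attrs))

def audit(html, page_url, first_party):
    """Return one finding per resource loaded from outside first_party."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    findings = []
    for tag, url, pinned in collector.resources:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or any(
                host == d or host.endswith("." + d) for d in first_party):
            continue  # inline data or first-party host
        if tag == "img":
            risk = "beacon"  # leaks the visit, cannot run code
        elif tag == "script" and pinned:
            risk = "script-with-sri"  # browser rejects a modified file
        else:
            risk = "unpinned-active-content"  # third party can change what runs
        findings.append({"tag": tag, "host": host, "risk": risk,
                         "cleartext": parts.scheme == "http"})
    return findings
```

Calling `audit(SAMPLE_LOGIN_PAGE, PAGE_URL, FIRST_PARTY)` returns three findings; the one marked `unpinned-active-content` is the case the article is about, since that host can change the code running beside the PIN field.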
Over the past few days we had become worried that a large cheque deposited into our on-line account, and for which a confirmation of receipt was received, had not appeared on our list of recent transactions. Calls (0844) to the bank were answered with "It has cleared and will be shown tomorrow". Today, after pressing them and suggesting there had been a fault in the changeover, they finally admitted that some transactions at the time of the takeover did not make it to the online listing. We subsequently discovered a missing payment from the listing. On checking, the balance however appears to be correct.