Blame?
Doesn't look like they're blaming FF4 to me. From the quote it seems they've acknowledged it's their end and are fixing it.
Customers unable to log-in to Santander's personal banking site this morning need to try another browser. Several Reg readers got in touch with us this morning because they were met by a holding page which said: "We're sorry, but the online logon service for Online Banking is temporarily unavailable." Customers were offered …
"experiencing difficulties accessing their account details online"
Why does everyone in business talk such gobbldeyshite? I am not experiencing any difficulties thank you, I am unable to use the site at all.
Even bloody windows does it. "Word has experienced difficulties and needs to close". No it hasn't, it is a program, an inanimate object, and it doesn't experience anything. It has crashed. Sheesh!
Mine is the one experiencing fashion difficulties
It used to make their 'download Trustee software pop up go a little bit loopy. So no big surprise that it has barred Firefox completely.
Wish Santander hadn't bought A&L. A&L was a good bank before Santander got their claws into them.
Santander - Ripping off their customers for years
Is this the same Alliance and Leicester whose agent, when I had the temerity to call the "overseas customers only" landline number to avoid the 0870 tax, told me off and said that she would co-operate just this once but that I was a very naughty boy and she would put a mark against my account and not let me do it again?
Is this the same Alliance and Leicester which, when I pointed them at the Banking Code in relation to their tax certificate ordering system stating "you may be charged for this," "clarified" matters by deciding to charge for ALL certificates instead?
Is this the same Alliance and Leicester which makes it so hard to find the interest rates on your accounts, doesn't tell you when the bonuses expire (unlike, for instance, Nationwide), and when asked when they expire tell you "a year after you opened the account"?
A cheap bank yes. A good bank no. I guess you pays your money and you takes your choice, which is why I still suffer them when they are competitive.
...assume too much, and show yourself up as a bit silly by trying to bring such emotive irrelevant issues into the argument. I have never come across a company which cares about bypassing 0870 before or since, and as 0870 pays the company to keep you in the queue for as long as possible, only an idiot would use it. I guess you just call from your employer's phone instead, eh? Or am I just assuming too much?
It's more expensive than phoning from overseas.
Not eligible to use, my foot.
I'm not going to sit on hold at 25p a minute to listen to terrible music and poorly trained, overworked phone droids muck up my financial affairs.
http://www.o2.co.uk/mobilestariffs/tariffs/specialnumbers
I always, always phone the 'overseas only' number for any service.
0870 - It's only the marketing people wanting to make it look 'official'
(and I know this as I've sat in on the meetings as the web developer for a number of organisations, pleading for them to have a sensible number for mobile users, only to be overridden by the marketing muppets).
Back 10 years or so banks were very twitchy about this new internet thingy and they'd explicitly check that people were connecting with an "approved browser" ... so back then it was quite common to find that if you upgraded to Browser(N+1) you'd find you could no longer log in as they'd only validated Browser(N) ... plus normally there was an additional check of "Browser==IE" :-)
Aside from the fact that a bank this size (nay, any size!) should be testing their online banking sites against popular browsers using betas/release candidates well in advance of release date, Santander is well known for having badly coded sites.
Tried to apply for an online business banking account only for the form to repeatedly tell me my birthdate was incorrect.
In what way? Does it know better than I do when I was born?
Useless.
IE9 isn't supported either.
I have 5 browsers on my machine - IE9, FF4, Chrome 10, Safari 5 and Opera 11. Seemingly none of those are supported by Santander. It appears that "in the interests of security", I am required to downgrade to a browser that accepts fake Comodo security certificates.
I tried to log in from Safari on the iPad at around 7am this morning - not a supported browser (I think), but I've logged in using this before. I was seeing a "page cannot be found" error at www.santander.co.uk at this point, initially a default one from the webserver and then a Santander branded one shortly after that. So it sounds as if there was more to this than an issue with FF.
Fail, as the online banking experience from Santander seems to have hiccups quite regularly.
I think the Firefox issue is red herring - I was getting an asp error logging in with both Chrome and IE this morning....
BTW - is there anyway to stop the bl**dy Trusteer pop-up? I don't want your shonky security software thanks very much - I shouldn't have to tell you every time!
These are the same wankers who implemented a security system for their online banking - the basic premise of which was that you had a mobile phone and reception - I live in Wales so no mobile phone reception for me which means a trip into town every time I want to set something up on my account. It had to have been designed by a graduate!!
Possibly due to Remote XUL support being removed (by default)?
https://developer.mozilla.org/en/Firefox_4_for_developers#Remote_XUL_support_removed
I have a similar issue with accessing webmail from my hosting provider. Their response was that their webmail component they use is written by a third party and there are no plans to change/upgrade it.
"We are aware that some customers using the latest version of the browser Firefox, version 4, may currently be experiencing difficulties accessing their account details online. We are in the process of rectifying this and would advise customers in the meantime to use a previous version of Firefox or Internet Explorer.
"This will not impact customers' online security..."
No one should be using IE at the moment due to the MHTML bug that allows drive by attacks that can compromise the system. Stupid, stupid people. Just because they have particularly stupid management when it comes to deploying a web service, and/or particularly stupid web developers doesn't mean that they should be giving poor advice that can lead to their customers having their bank accounts hijacked.
Walk away from Santander, and any other monkeys, that want your cash and can't write a proper website that works across browsers.
I have seen internet banking sites behave appallingly if cookies are not enabled. Worse, they don't always indicate that cookies not being enabled is the issue.
The user experience above does not strike me as consistent. Suggests it's something configurable, and given my past experience, it makes me think of cookies.
My 2p. Don't spend it all at once.
As a web developer, I'll address your concern.
Thanks to all the FUD put out about cookies by the media, most people are now paranoid about them. That has made our job that much harder.
There are two ways we can preserve state across pages on a site. By that I mean how we know that it's you asking for a page as distinguished from the other million visitors using the site at the same time. The two ways are: cookies, and session ids. Both do essentially the same thing. but in different ways.
A cookie stores the state id on your computer, while a session id stores the state id in the URL if using a GET method (you've probably seen these; they look like a mess of numbers and letters, like "www.mysite.com/do.php?sid=a5011C6&p=5 etc... the "a5011C6" bit is the session id) or passed as a parameter if using a POST method.
The main difference between them is that cookies preserve state even if you leave the website - the cookie can be used to remember that you logged in and to restore that logged-in state if you return before the cookie expires. Session ids, on the other hand, lose state when you leave the site (because other sites obviously won't carry your session id), so with them you have to log back in for each visit.
Finally, cookies can be turned off by the user, while session ids can't (unless you delete them from the URL in which case the site will fail anyway.) So we have to choose between preserving state when the user has gone offsite, but can turn that off and screw it up, or prevent the user turning it off and screwing it up, but losing state if they go offsite.
Either way, the site needs to know that it's you who requested a page. That's so we don't go showing your account balance to all and sundry. By disabling cookies, you make our job that much harder. In some cases, you make it impossible.
In essence, what you are doing by disabling cookies on your bank's website is like going into a bank branch without your bank card, passbook or any ID and asking to transact on your account. It isn't going to happen, for obvious reasons.
So please, just enable the cookies, at least for sites you need to log in and preserve state on. It'll save you a lot of headfuck in the long run, and save many a poor web developer from tearing their hair out having to track state with people who insist on refusing to be tracked!
I'm fully aware of the difficulties web developers face.
Most users have no problem with being tracked for legitimate reasons.
Neither cookies or session ids are the problem if used properly and legitimately. As you say they have their purpose.
But please understand that legitimate mechanisms can be used as attack vectors. It's a while back now I admit, but I seem to recall some browsers leaking cookies from users' machines. So people, including me block cookies not to mess up good sites, but to avoid being caught by the bad ones. With increases in e-commerce, I can't see this changing.
Back to FF, what I was trying to say is that some sites I've seen don't even tell you that they need cookies enabled. They just behave stupidly. As a developer I'm sure you'll agree this is unacceptable. This may or may not be the problem, but the differing user experience does suggest something user configurable - again I'm sure you'd agree to more than a whiff of this possibility ? I just used cookies as an example that came to mind at the time.
I really do apologise if I caused you any defolicification (hair loss). I ceased to suffer from that problem a long time ago when the 'egg' finally poked through !
I found a number of websites to be broken after the FF4 upgrade - clicking on links would take you back to the main site again. I have disabled most of my Addons and this seems to have fixed it. Will add them back on again one by one this evening to find the culprit. Maybe Add Block Plus or No-Scripts or somesuch.
My problem was not Santander. I couldn't get into my webmail account with FF4, nor login to the related forum to complain.
Temporary solution is to give the offending web-site a FF browser ID it will accept:
1) Open about:config in a new tab
2) Right click in the middle and choose: New -> String
3) In the first box that pops up, enter:
general.useragent.override
4) In the second box that pops up, enter:
Mozilla/5.0 (Windows NT 5.1; rv:2.0) Gecko/20100101 Firefox/3.6.15
5) Close about:config
Once FF4 problem is fixed, you should reset to avoid other problems:
To reset the user agent back to normal:
1) Go to about:config
2) Type general.useragent.override in the filter box
3) Right click the entry that shows up and press reset
Not the best of temporary fixes, but this method has been necessary in the past for earlier releases too.
.deb
packages