Closed Bug 284441 Opened 20 years ago Closed 17 years ago

fourthfedonline.com - Fourth Federal Online banking and billpay warn to use other browsers

Categories

(Tech Evangelism Graveyard :: English US, defect)

Product:
Tech Evangelism Graveyard
Component:
English US
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: stephan, Unassigned)

References

(
URL
)

Details

(Keywords: ecommerce)

This will be hard to duplicate without an account at Fourth Federal Savings Bank, accessible online at: http://www.fourthfed.com/ If you do have an account, and go to the login screen, which is: https://www.fourthfedonline.com/onlineserv/HB/Signon.cgi You will see the following message: "For security reasons, we recommend that you use Netscape Navigator or Microsoft Internet Explorer as your browser. To download the latest version, please click on one of the icons below." That isn't the end of the world. You can log in and use the sytem fine with Mozilla, but..... If you then go to the bill payment section, EVERY single screen will have the following warning at the top: "# The browser you are using is not currently supported by Bill Payer. For best results and to ensure accuracy, we recommend you use one of the following supported browsers:Microsoft Internet Explorer 5.5 or later # Netscape Navigator 6.2 or later # Apple Safari 1.2 # AOL 9.0" This is quite annoying -- and misleading (since of course Netscape is there and uses the same engine). OK... there you have it.
Keywords: ecommerce
Summary: Fourth Federal Online banking and billpay warn to use other browsers → fourthfedonline.com - Fourth Federal Online banking and billpay warn to use other browsers
Stephan, it would be best if you contact them first since you are already a customer. You might mention that: Netscape 6.2 - Netscape 7.2 have security vulnerabilities that have not been fixed; that any Windows machine not running Windows XP SP2 probably has vulnerabilites that have not been patched; any Windows machine that has not been vigorously kept up to date with patches probably has spyware or trojans installed; Internet Explorer 5.5 has vulnerabilities that have not been patched; that Internet Explorer 6 has vulnerabilites that have not been patched; .... You can point them to http://www.securityfocus.com/bid/vendor/ http://secunia.com/product/10/ http://secunia.com/product/11/ If they _really_ cared about their customers, they would tell them that online banking is unsafe and they should stop using it altogether or should switch to Linux. As it stands, their recommendation is misleading and inadequate and _could_ lead their customers to use unsafe practices leading to financial losses.
Bob, thanks for the great analysis. I have sent the following email to customercare@fourthfed.com: This is a comment on your new online banking service web site. Please forward to the most appropriate technical folks. You have included statements both on the login page, and on every page in the bill pay section, that talk about browser security. As one who is fairly knowledgeable about browser security issues, and having contacted the open source people at Mozilla.org, I believe your statements to be misleading. For one thing, you do not list the Mozilla browser as being secure, yet you do list the Netscape browser. The Netscape browser is built around the Mozilla Gecko engine, and as such Mozilla is at least as secure as Netscape. The problem is, though, that the latest Netscape is always at least several months behind the latest Mozilla in the engine release, which means it is almost always behind the curve from a security perspective. Internet Explorer is far less secure than either of them. I suggest you follow the discussion of the tech evangelism bug I filed about your web site at bugzilla.mozilla.org. The web page is: https://bugzilla.mozilla.org/show_bug.cgi?id=284441 You may want to scroll down to look at Bob Clary's excellent comments in the discussion. Thanks again. I am very pleased you are offering online banking... -stephan golux
Blocks: 124594
Looks like this is fixed. https://www.fourthfedonline.com/onlineserv/HB/login_help.html#recommended_browsers includes Firefox as a "recommended browser" and I can get to https://www.fourthfedonline.com/onlineserv/HB/Signon.cgi just fine with both Firefox 2 and Camino trunk. I don't have an account, so I obviously can't test beyond that, but if I put in garbage login data, I get the "invalid login" screen. The banking Web app they're using is the same that Flagstar uses, and I've never had any problems with Flagstar using Camino or Firefox. Stephan, if this is still broken for you, please feel free to re-open this bug.
URL: https://www.fourthfedonline.com/onlin...https://www.fourthfedonline.com/
Status: NEW → RESOLVED
Closed: 17 years ago
OS: Windows XP → All
Resolution: --- → FIXED
I no longer have an account at this bank either, so unfortunately I am unable to test!
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.