I opened an account with HSBC a few days back for my salary deposits. The online@HSBC services are not working in Ubuntu/Firefox. It requires IE 5.0+ or NS Communicator. I tried fiddling with the User Agent string (strangely, most of the IE User Agent strings I found on the net looked like Mozilla/<some stuff>) but to no avail. I've submitted a complaint form but I'm not expecting them to listen to it.
Is there any way other than booting into Windows or using IE from Wine? Other than the fact that I would be using, well, IE or win32, I would lose face in front of my sister whom I berate for carrying out *her* online banking business in win32/IE :-(
Dear Rohit,
On 9/28/06, Rohit V Bhute rvbhute@gmail.com wrote:
I opened an account with HSBC a few days back for my salary deposits. The online@HSBC services are not working in Ubuntu/Firefox. It requires IE 5.0+ or NS Communicator. I tried fiddling with the User Agent string (strangely, most of the IE User Agent strings I found on the net looked like Mozilla/<some stuff>) but to no avail. I've submitted a complaint form but I'm not expecting them to listen to it.
Simply vote with your valet. Threaten them with discrimination and law suit. I had already had a tiff with them and I refuse to pay them if they don't support other browsers.
Is there any way other than booting into Windows or using IE from Wine? Other than the fact that I would be using, well, IE or win32, I would lose face in front of my sister whom I berate for carrying out *her* online banking business in win32/IE :-(
Don't worry about losing your face. It's better then loosing your money when you use IE to do on-line transactions. Please advice your sis to desist from using IE for online transactions as it could prove financially fatal.
-- Rohit V. Bhute
Have a happy net banking with GNU/Linux+FF :-) With regards,
On 9/28/06, Rohit V Bhute rvbhute@gmail.com wrote:
I opened an account with HSBC a few days back for my salary deposits. The online@HSBC services are not working in Ubuntu/Firefox. It requires
I faced this problem and the solution is simple - fake the useragent string.
Is there any way other than booting into Windows or using IE from Wine? Other than the fact that I would be using, well, IE or win32, I would lose face in front of my sister whom I berate for carrying out *her* online banking business in win32/IE :-(
There is a FF extension (useragent switcher) that should allow you to set it to the oooooold netscape version and use it.
I am able to use HSBC site with this simple switch. :)
regards, C
Chetan S wrote:
There is a FF extension (useragent switcher) that should allow you to set it to the oooooold netscape version and use it.
That did the trick. Thanks.
Sometime on Friday 29 September 2006 21:21, Rohit V Bhute said:
Chetan S wrote:
There is a FF extension (useragent switcher) that should allow you to set it to the oooooold netscape version and use it.
That did the trick. Thanks.
And now HSBC webmasters would think that all their customers use _only_ Internet Explorer for netbanking. And there's no need to write standards compliant code.
Anurag
Anurag wrote:
And now HSBC webmasters would think that all their customers use _only_ Internet Explorer for netbanking. And there's no need to write standards compliant code.
I selected Netscape 4.8 which gives a UA of <Mozilla/4.8 [en] (Windows NT 5.1; U)> - which worked. My default UA is <Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4>.
Can't help it - the bank handles my salary account, so I have to bend to its rules. We have had so many threads about banking services being partial to IE... maybe a heavyweight on this list can get an IT head of a bank (why not get HSBC first?) to attend a LUG meeting with the team which built these services and trash out these issues? If changing the browser UA is all that was necessary , the code changes might be actually feasible.
Rohit V Bhute wrote:
Anurag wrote:
And now HSBC webmasters would think that all their customers use _only_ Internet Explorer for netbanking. And there's no need to write standards compliant code.
I selected Netscape 4.8 which gives a UA of <Mozilla/4.8 [en] (Windows NT 5.1; U)> - which worked. My default UA is <Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4>.
Can't help it - the bank handles my salary account, so I have to bend to its rules. We have had so many threads about banking services being partial to IE... maybe a heavyweight on this list can get an IT head of a bank (why not get HSBC first?) to attend a LUG meeting with the team which built these services and trash out these issues? If changing the browser UA is all that was necessary , the code changes might be actually feasible.
Could anyone provide a proper technical writeup of what changes are necessary from the server end, for the HSBC servers to work with linux based browsers?
Regards,
Rony.
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
Dear Rony,
On 9/30/06, Rony ronbillypop@yahoo.co.uk wrote:
Could anyone provide a proper technical writeup of what changes are necessary from the server end, for the HSBC servers to work with linux based browsers?
Why would anyone give free consultancy service to a bank? :-D
They have whole bunch of IT morons in their IT department. If they can't design a cross browser, standards compliant site, why all of them should not be fired?
And don't say bank has rights do whatever they think is right. They are playing with our (customers') money.
Regards,
Rony.
With regards,
Dinesh Shah wrote:
Dear Rony,
On 9/30/06, Rony ronbillypop@yahoo.co.uk wrote:
Could anyone provide a proper technical writeup of what changes are necessary from the server end, for the HSBC servers to work with linux based browsers?
Why would anyone give free consultancy service to a bank? :-D
They have whole bunch of IT morons in their IT department. If they can't design a cross browser, standards compliant site, why all of them should not be fired?
And don't say bank has rights do whatever they think is right. They are playing with our (customers') money.
I was only trying to send a link to the reply to someone I know, but with the description of IT dept. given above, I can't do that. Anyway no problem. :)
Regards,
Rony.
___________________________________________________________ All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine http://uk.docs.yahoo.com/nowyoucan.html
On 30-Sep-06, at 11:31 PM, Rony wrote:
Could anyone provide a proper technical writeup of what changes are necessary from the server end, for the HSBC servers to work with linux based browsers?
the question is framed wrong. It is not linux based browsers that are being kept out. It is standards compliant browsers that are being kept out. And the standards are out there in the open. The question is: how to get them to write standards compliant web apps - which they wont do because IE will get locked out.
Kenneth Gonsalves wrote:
On 30-Sep-06, at 11:31 PM, Rony wrote:
Could anyone provide a proper technical writeup of what changes are necessary from the server end, for the HSBC servers to work with linux based browsers?
the question is framed wrong. It is not linux based browsers that are being kept out. It is standards compliant browsers that are being kept out.
But the OP was able to use firefox by using the netscape id and netscape is not IE.
"I selected Netscape 4.8 which gives a UA of <Mozilla/4.8 [en] (Windows NT 5.1; U)> - which worked." --> OP
Regards,
Rony.
___________________________________________________________ All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine http://uk.docs.yahoo.com/nowyoucan.html
Rony wrote:
But the OP was able to use firefox by using the netscape id and netscape is not IE.
Yes, they seem to be blocking the OS, and not any particular browser. I checked in Firefox from Win XP and the service worked. So all it requires, apparently, is the presence of "Windows" in the User Agent string.
On 30-Sep-06, at 10:26 AM, Rohit V Bhute wrote:
But the OP was able to use firefox by using the netscape id and netscape is not IE.
Yes, they seem to be blocking the OS, and not any particular browser. I checked in Firefox from Win XP and the service worked. So all it requires, apparently, is the presence of "Windows" in the User Agent string.
ok, my mistake
On Saturday 30 September 2006 04:56, Rohit V Bhute wrote:
Yes, they seem to be blocking the OS, and not any particular browser. I checked in Firefox from Win XP and the service worked. So all it requires, apparently, is the presence of "Windows" in the User Agent string.
So, theoretically if I appended "Windows sucks" to the user agent string, it should work just because "Windows" is present in UA strnig?
Dinesh Joshi wrote:
On Saturday 30 September 2006 04:56, Rohit V Bhute wrote:
Yes, they seem to be blocking the OS, and not any particular browser. I checked in Firefox from Win XP and the service worked. So all it requires, apparently, is the presence of "Windows" in the User Agent string.
So, theoretically if I appended "Windows sucks" to the user agent string, it should work just because "Windows" is present in UA strnig?
HeHe, try it out.
Regards,
Rony.
___________________________________________________________ Try the all-new Yahoo! Mail. "The New Version is radically easier to use" � The Wall Street Journal http://uk.docs.yahoo.com/nowyoucan.html
On Sunday 01 October 2006 15:34, Rony wrote:
HeHe, try it out.
Dont have an account with them so cant try... :P Do they look at the UA strings that are hitting their portal? If so then all Linux users should set their browser string to this. It'll be fun to look at their faces when they find out that a bunch of customers are using "Windows sucks" :P.
On a more serious note, do they check for the _presence_ of a particular string or the _absense_ ? Are they specifically checking whether Windows is present or Linux / alternative OS is absent?
On 10/1/06, Dinesh Joshi dinesh.a.joshi@gmail.com wrote:
Dont have an account with them so cant try... :P Do they look at the UA strings that are hitting their portal? If so then all Linux users should set their browser string to this. It'll be fun to look at their faces when they find out that a bunch of customers are using "Windows sucks" :P.
On a more serious note, do they check for the _presence_ of a particular string or the _absense_ ? Are they specifically checking whether Windows is present or Linux / alternative OS is absent?
How to check this? I don't have much idea. The thing is that one of my friend is agreeing to dump windows for linux only hitch is that www.sharekhan.com, which he requires to access regularly isn't
working well. Maybe you will remember this Dinesh, since googling for it, I found someone had faced same problem on PCQuest forum, where you had replied. The thing is when he logs into fast trade, java applet refuses to load, whereas it loads fine in IE at his place. I have tried accessing that page with both Firefox 1.5.0.7 and Opera 9.02from Ubuntu 6.06 and SLED 10, both using SunJDK-1.5 update7. All other java applets open fine.
Dinesh Joshi wrote:
On Sunday 01 October 2006 15:34, Rony wrote:
HeHe, try it out.
I tried it out but, not surprisingly, Firefox immediately defaulted to its default UA and then HSBC didn't work. There *is* such a thing as a correct UA.
On Sunday 01 October 2006 08:48, Rohit V Bhute wrote:
Dinesh Joshi wrote:
On Sunday 01 October 2006 15:34, Rony wrote:
HeHe, try it out.
I tried it out but, not surprisingly, Firefox immediately defaulted to its default UA and then HSBC didn't work. There *is* such a thing as a correct UA.
No there isnt. You can set the UA string to anything atleast in Mozilla. Well the version I had could do that ( 1.7.x i think ).
Dinesh Joshi wrote:
No there isnt. You can set the UA string to anything atleast in Mozilla. Well the version I had could do that ( 1.7.x i think ).
My mistake. I tried with <Mozilla/4.8 [en] (Windows sucks 5.1; U)>. Checked the UA with about: in the URL box. Then I logged in to HSBC and logged out. When I checked UA again, it was set to default. This happens even when using a "legal" UA from the User Agent Switcher tool. So guess that's normal.
--- Rohit V Bhute rvbhute@gmail.com wrote:
My mistake. I tried with <Mozilla/4.8 [en] (Windows sucks 5.1; U)>. Checked the UA with about: in the URL box. Then I logged in to HSBC and logged out. When I checked UA again, it was set to default. This happens even when using a "legal" UA from the User Agent Switcher tool. So guess that's normal.
I am posting this message after logging on to yahoo online using the following settings. Here is the exported output.
<useragent description="Internet Explorer 6 (Windows Sucks)" useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" appname="Microsoft Internet Explorer Sucks" appversion="4.0 (compatible; MSIE 6.0; Windows NT 5.1)" platform="Insecure Win32" vendor="" vendorsub=""/>
Regards,
Rony.
___________________________________________________________ All New Yahoo! Mail Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html
Rony Bill wrote:
<useragent description="Internet Explorer 6 (Windows Sucks)" useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" appname="Microsoft Internet Explorer Sucks" appversion="4.0 (compatible; MSIE 6.0; Windows NT 5.1)" platform="Insecure Win32" vendor="" vendorsub=""/>
Now if only the HSBC guys guys have a sense of humor, I can add that entry to the UA tool!. BTW, <Windows NT 5.1> should be uniformly replaced by <Windows sucks>. Also vendor and vendorsub should be set to "pirated"!
No, but seriously, will it be accepted by HSBC or will they block such attempts once they see the logs?
--- Rohit V Bhute rvbhute@gmail.com wrote:
Now if only the HSBC guys guys have a sense of humor, I can add that entry to the UA tool!. BTW, <Windows NT 5.1> should be uniformly replaced by <Windows sucks>.
OK I made the changes and this is my new UA below from which I am sending the message.
<useragent description="Internet Explorer 6 (Windows Sucks)" useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows Sucks)" appname="Microsoft Internet Explorer Sucks" appversion="4.0 (compatible; MSIE 6.0; Windows Sucks)" platform="Insecure Win32" vendor="Chor" vendorsub=""/>
Also vendor and vendorsub should be set to "pirated"!
I use a legal copy of xp pro. :P
No, but seriously, will it be accepted by HSBC or will they block such attempts once they see the logs?
Maybe but this is a unique for of protest against websites.
Regards,
Rony.
___________________________________________________________ Win a BlackBerry device from O2 with Yahoo!. Enter now. http://www.yahoo.co.uk/blackberry
Rohit V Bhute wrote:
Rony wrote:
But the OP was able to use firefox by using the netscape id and netscape is not IE.
Yes, they seem to be blocking the OS, and not any particular browser. I checked in Firefox from Win XP and the service worked. So all it requires, apparently, is the presence of "Windows" in the User Agent string.
More news. HSBC is the first bank to introduce a small tiny device ( cannot recollect its name ) that changes passwords every few seconds. It is synchronized with their servers to change passwords every few seconds. Due to this even if the user logs in from windows or any other unsafe environment where the user name and password can be grabbed, it will be of no use as the password would have changed by then. This is done keeping in mind that people have unsafe net usage.
Regards,
Rony.
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
On 01/10/06 21:03 +0530, Rony wrote: <snip>
More news. HSBC is the first bank to introduce a small tiny device ( cannot recollect its name ) that changes passwords every few seconds. It
The RSA keyfob? It might be the first in India, but this has been a global standard for years.
Looks like we did manage to make enough noise about two factor authentication at sufficiently high levels.
Devdas Bhagat
On Saturday 30 September 2006 22:05, Devdas Bhagat wrote:
On 01/10/06 21:03 +0530, Rony wrote:
The RSA keyfob? It might be the first in India, but this has been a global standard for years.
I thought it was a rolling code algo. The type used in automobile security but with a display. Not too difficult to crack. After a few numeric password grabs. Note the fob has no link to the pc. U just press the key on the unit and it displays a number which u enter as password.
On 02/10/06 10:11 +0530, jtd wrote:
On Saturday 30 September 2006 22:05, Devdas Bhagat wrote:
On 01/10/06 21:03 +0530, Rony wrote:
The RSA keyfob? It might be the first in India, but this has been a global standard for years.
I thought it was a rolling code algo. The type used in automobile security but with a display. Not too difficult to crack. After a few
No. These are hard to break, but they depend on the timestamps being synchronised (These _are_ one time passwords, after all).
numeric password grabs. Note the fob has no link to the pc. U just press the key on the unit and it displays a number which u enter as password.
Correct. This is the primary reason for it being termed two factor authentication. If it was connected to the PC, a virus could simply hijack the connection.
Devdas Bhagat
Devdas Bhagat wrote:
Correct. This is the primary reason for it being termed two factor authentication. If it was connected to the PC, a virus could simply hijack the connection.
Absolutely right. ! It is hard to break.
Regards,
Rony.
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
On Monday 02 October 2006 13:04, Devdas Bhagat wrote:
On 02/10/06 10:11 +0530, jtd wrote:
On Saturday 30 September 2006 22:05, Devdas Bhagat wrote:
On 01/10/06 21:03 +0530, Rony wrote:
The RSA keyfob? It might be the first in India, but this has been a global standard for years.
I thought it was a rolling code algo. The type used in automobile security but with a display. Not too difficult to crack. After a few
No. These are hard to break, but they depend on the timestamps being synchronised (These _are_ one time passwords, after all).
so would be safe against remote attacks. Wonder what happens if the server or the fob lost it's time. The fob could easily loose time - tv degaussing, cell phone radiation, several days in the cold or heat. But none the less far better than pins or mothers name.
On 29/09/06 22:49 +0530, Rohit V Bhute wrote: <snip>
Can't help it - the bank handles my salary account, so I have to bend to its rules. We have had so many threads about banking services being
Nothing says you have to use netbanking. Hell, I would go to my bank and always take service from a teller (costs the bank $$$) instead of using netbanking or ATMs, and keep complaining (banks have forms about this).
As long as you keep working around issues, they aren't going to get fixed.
Devdas Bhagat
On 10/1/06, Devdas Bhagat devdas@dvb.homelinux.org wrote:
On 29/09/06 22:49 +0530, Rohit V Bhute wrote:
<snip> > Can't help it - the bank handles my salary account, so I have to bend to > its rules. We have had so many threads about banking services being
Nothing says you have to use netbanking. Hell, I would go to my bank and always take service from a teller (costs the bank $$$) instead of using netbanking or ATMs, and keep complaining (banks have forms about this).
As long as you keep working around issues, they aren't going to get fixed.
If any of you have contact numbers of the person, email etc of some one in their technical department, please pass them to me off the list, I will begin my conversation with them, and try to get their site support free software. I once did this billjunction site of icici, and it worked.
Nagarjuna
Devdas Bhagat wrote:
Nothing says you have to use netbanking. Hell, I would go to my bank and always take service from a teller (costs the bank $$$) instead of using netbanking or ATMs, and keep complaining (banks have forms about this).
As long as you keep working around issues, they aren't going to get fixed.
I believe, HSBC is working on this issue. Their main servers and bosses are in HK.
Regards,
Rony.
___________________________________________________________ All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine http://uk.docs.yahoo.com/nowyoucan.html
On 01-Oct-06, at 7:10 PM, Rony wrote:
I believe, HSBC is working on this issue. Their main servers and bosses are in HK.
where are their programmers?
-
Anurag -
Chetan S -
Devdas Bhagat -
Dinesh Joshi -
Dinesh Shah -
jtd -
Kenneth Gonsalves -
mehul -
Nagarjuna G. -
Rohit V Bhute -
Rony -
Rony Bill