Internet Explorer no longer Safe....... time for BOI to do something with regards to

Seve OB

So for years I don't use internet explorer cause it's crap.  Except BOL has to use it, because it's not available on the other web applications such as chrome, safari, firefox etc.

It is now time for BOI to get their finger out and fix this problem, because we are now told, using Internet Explorer is no longer safe.

http://www.irishtimes.com/business/sectors/technology/us-uk-governments-advise-against-using-internet-explorer-1.1777449

Bank of Ireland: Laura

Hi stevieob.

Thanks for getting in touch.

We have had several queries on this today.
Bank of Ireland are aware of the issues reported in the media in relation to Microsoft Internet Explorer browser and we are in close liaison with our service providers and Microsoft to address.

In the interim, access to Business Online is not impacted and full service is available.
We will update customers in relation to further developments as we are advised.

Thanks,
Laura

Irish Steve

Bank of Ireland: Laura wrote: »

Hi stevieob.

Thanks for getting in touch.

We have had several queries on this today.
Bank of Ireland are aware of the issues reported in the media in relation to Microsoft Internet Explorer browser and we are in close liaison with our service providers and Microsoft to address.

In the interim, access to Business Online is not impacted and full service is available.
We will update customers in relation to further developments as we are advised.

Thanks,
Laura

Laura,

Sorry, but BOI are completely and deliberately avoiding the issue that has been raised.

It may well be the case that the BOI application is secure, and working, the issue that has been completely ignored over a long period of time by BOI is that many users do NOT want to be FORCED to use a browser that is insecure, and BOI are still forcing Business users to use Internet Explorer, as the Business Banking system WILL NOT WORK with ANY other browser.

Internet Explorer is NOT secure, and just using it can expose the computer that it is running on to being abused by a malicious user who has no right or reason to be accessing that computer.

The fact that the BOI application is deemed to be secure is irrelevant to the issue, the issue that is very much in the public domain, and a source of considerable concern to many, is that Internet Explorer, (regardless of the version of Windows that's being used) is NOT secure, and can expose the computer to being compromised just by being in memory on the computer.

That is a risk that many users do not wish to take, so their preferred policy is to NOT use Internet Explorer on machines that have access to critical systems. That choice does not exist for BOI Business Banking users, as the application will ONLY run on Internet Explorer.

This is not an new issue, it's been raised on many occasions by a number of people, and BOI are continuing to avoid the issue.
The whole Business Banking application is creaking at the seams, it is bad in so many ways, and a disgrace in terms of facilities and service, and to add insult to injury, a number of fundamental facilities were withdrawn with the arrival of SEPA, making a poor application even more restricted.

It should have been updated to be browser independent  a long time ago, and the fact that it has not, and that BOI have not made any announcements about their long terms plans for Business Banking online services speaks volumes about the parlous state of IT within Bank of Ireland group.

I am in the happy position that as a result of a recent change of role, I no longer have to worry about the limitations of the Business suite, that problem is now on another desk. I don't miss it, not one little tiny bit.

The bottom line that is inescapable and undeniable is that BOI Business Banking as configured at present is NOT safe, not because of any shortcoming in the BOI software, but as a direct result of the enforced use of Internet Explorer, which has been reported as being insecure in all versions due to issues within the application, regardless of the version of Windows in use.

The ONLY way that BOI can resolve this issue is to put in place an urgent change that will allow the Business Banking application to run on ANY mainline browser like Firefox, Chrome or Safari.

It should have happened a long time ago, and the fact that it has not is now placing users in an impossible situation. You warn us to ensure that our computers are safe and secure, but force us to use a browser that is being widely reported as unsafe for use on systems that have access to critical information.   

Seve OB

Irish Steve wrote: »

Bank of Ireland: Laura wrote: »

Hi stevieob.

Thanks for getting in touch.

We have had several queries on this today.
Bank of Ireland are aware of the issues reported in the media in relation to Microsoft Internet Explorer browser and we are in close liaison with our service providers and Microsoft to address.

In the interim, access to Business Online is not impacted and full service is available.
We will update customers in relation to further developments as we are advised.

Thanks,
Laura

Laura,

Sorry, but BOI are completely and deliberately avoiding the issue that has been raised.

It may well be the case that the BOI application is secure, and working, the issue that has been completely ignored over a long period of time by BOI is that many users do NOT want to be FORCED to use a browser that is insecure, and BOI are still forcing Business users to use Internet Explorer, as the Business Banking system WILL NOT WORK with ANY other browser.

Internet Explorer is NOT secure, and just using it can expose the computer that it is running on to being abused by a malicious user who has no right or reason to be accessing that computer.

The fact that the BOI application is deemed to be secure is irrelevant to the issue, the issue that is very much in the public domain, and a source of considerable concern to many, is that Internet Explorer, (regardless of the version of Windows that's being used) is NOT secure, and can expose the computer to being compromised just by being in memory on the computer.

That is a risk that many users do not wish to take, so their preferred policy is to NOT use Internet Explorer on machines that have access to critical systems. That choice does not exist for BOI Business Banking users, as the application will ONLY run on Internet Explorer.

This is not an new issue, it's been raised on many occasions by a number of people, and BOI are continuing to avoid the issue.
The whole Business Banking application is creaking at the seams, it is bad in so many ways, and a disgrace in terms of facilities and service, and to add insult to injury, a number of fundamental facilities were withdrawn with the arrival of SEPA, making a poor application even more restricted.

It should have been updated to be browser independent  a long time ago, and the fact that it has not, and that BOI have not made any announcements about their long terms plans for Business Banking online services speaks volumes about the parlous state of IT within Bank of Ireland group.

I am in the happy position that as a result of a recent change of role, I no longer have to worry about the limitations of the Business suite, that problem is now on another desk. I don't miss it, not one little tiny bit.

The bottom line that is inescapable and undeniable is that BOI Business Banking as configured at present is NOT safe, not because of any shortcoming in the BOI software, but as a direct result of the enforced use of Internet Explorer, which has been reported as being insecure in all versions due to issues within the application, regardless of the version of Windows in use.

The ONLY way that BOI can resolve this issue is to put in place an urgent change that will allow the Business Banking application to run on ANY mainline browser like Firefox, Chrome or Safari.

It should have happened a long time ago, and the fact that it has not is now placing users in an impossible situation. You warn us to ensure that our computers are safe and secure, but force us to use a browser that is being widely reported as unsafe for use on systems that have access to critical information.   

Well said.   I bet they will take your comments on board and keep their customers updated via the usual chanels

northwestramble

Excellent summary of the problem. 
To be honest, I cannot understand how BOI treats its business customers so badly when it comes to online banking. I guess unless customers start to demand change via their branches and calling their account managers about their frustrations of the system, things will not change. Maybe we should start a campaign here on boards for it  

I guess BOI has done the sums and felt it is not worth them spending money to upgrade the site. No doubt BOI feel that many businesses will not change for the sake of a poor website as they will not want the hassle to change banks. 

I myself have contacted BOI directly on this and expressed my concerns of using IE and I do not feel it is acceptable to be forced to use an insecure browser to access financial data. I also notified the Central bank to state my concerns that a financial institution was forcing its customers to ignore current best security practise (not use IE until a fix is rolled out) in order to avail of its services.

GarIT

There are no security issues with Internet Explorer at all when it is opening a reputable website, the only issues arise when the browser opens a site designed to attack Internet Explorer. Internet Explorer is as good as any browser for security and better than most. This issue will also be resolved in a couple of days.

northwestramble

GarIT, that is true, when opened on a reputable site, such as BOI Business online, there is no risk and the later versions of IE are indeed more secure.
However, if you are on XP, this may never be fixed in IE and you cannot use an alternative browser to access business online. As a result if someone were to visit a site via a false email scam and this vulnerability is exploited then that person has a problem. 
I have seen a number of spam email messages recently about "resetting" my banking password or updating my details. While many of us are aware of these scams, sadly not everyone is and they get caught out.
I would think it is not unreasonable to expect a bank in 2014 to provide a website that can work across the main browsers and thus give customers an alternative to use if one particular browser has a security issue identified against it, until it is patched. 

GarIT

northwestramble wrote: »

GarIT, that is true, when opened on a reputable site, such as BOI Business online, there is no risk and the later versions of IE are indeed more secure.
However, if you are on XP, this may never be fixed in IE and you cannot use an alternative browser to access business online. As a result if someone were to visit a site via a false email scam and this vulnerability is exploited then that person has a problem.
I have seen a number of spam email messages recently about "resetting" my banking password or updating my details. While many of us are aware of these scams, sadly not everyone is and they get caught out.
I would think it is not unreasonable to expect a bank in 2014 to provide a website that can work across the main browsers and thus give customers an alternative to use if one particular browser has a security issue identified against it, until it is patched.

If you are using XP it is guaranteed that it will never be fixed, Microsoft have confirmed that. However if you are using Windows XP you should not be banking in any browser.

I agree that the browser situation in the bank isn't right, you should be able to use any browser, at least major browsers. However your argument about security is silly, yes if one was purposefully reckless it could be a problem but that would be your own fault. There is a simple solution though. Only use IE for your banking, you don't need to use it for the rest of the web. It's not ideal but it works, problem solved.

For those of you using IE, I would suggest the following;

Microsoft suggests downloading its Enhanced Mitigation Experience Toolkit version 4.1 to help guard against attacks until a patch is released.

Also one should disable the Adobe Flash plugin as this is required to exploit the browser and running IE in enhanced protection mode, which is only available for IE versions 10 and 11, will protect users from attacks.

Bank of Ireland: Sarah

Hi all,

Our Business Online Status page has been updated with a link to recommended actions for improving the security of Internet Explorer. 

You can find the Business Online status page here

Please also find the page regarding Internet Explorer security recommendations here 

Thanks,
Sarah

Seve OB

GarIT wrote: »

northwestramble wrote: »

GarIT, that is true, when opened on a reputable site, such as BOI Business online, there is no risk and the later versions of IE are indeed more secure.
However, if you are on XP, this may never be fixed in IE and you cannot use an alternative browser to access business online. As a result if someone were to visit a site via a false email scam and this vulnerability is exploited then that person has a problem.
I have seen a number of spam email messages recently about "resetting" my banking password or updating my details. While many of us are aware of these scams, sadly not everyone is and they get caught out.
I would think it is not unreasonable to expect a bank in 2014 to provide a website that can work across the main browsers and thus give customers an alternative to use if one particular browser has a security issue identified against it, until it is patched.

If you are using XP it is guaranteed that it will never be fixed, Microsoft have confirmed that. However if you are using Windows XP you should not be banking in any browser.

I agree that the browser situation in the bank isn't right, you should be able to use any browser, at least major browsers.  However your argument about security is silly, yes if one was purposefully reckless it could be a problem but that would be your own fault. There is a simple solution though. Only use IE for your banking, you don't need to use it for the rest of the web. It's not ideal but it works, problem solved.

Only have XP machines in our office.  Why should we have to go out and buy new ones or upgrade operating systems when they are all working fine?

Oh wait, I could actually use my own personal computer to do my BOI Business banking.   OOOOOOOHHHHH no wait, I use a mac so scrap that idea!!!!!!

northwestramble

Nice to see that others are also asking questions of BOI about this. 
http://www.independent.ie/business/technology/bank-of-ireland-aware-of-browser-security-issue-but-say-use-it-anyway-30233412.html

Maybe with all of the publicity, BOI might actually think of spending a little of money that is collects from its business customers to upgrade the website  

GarIT

stevieob wrote: »

Only have XP machines in our office.  Why should we have to go out and buy new ones or upgrade operating systems when they are all working fine?

Because it is extremely vulnerable to security threats now no matter how you try to secure it the base you are working on will soon be full of holes.

Irish Steve

There are a couple of things that should be said here, to clarify what's been posted.

IE has now been patched, (as long as Windows or Microsoft update has been run) and the patch has included XP systems, which represents a significant climb down by Microsoft, so clearly someone has managed to get their attention.

The risks of using IE are there simply because it it running. It is possible to find out without much work which browser is being used, and some of the compromise methods can then be "piggybacked" into the machine without having accessed a "vulnerable" site. When Government advice is to NOT use a browser  until it has been patched, that's a very clear indication that the vulnerability is (a) serious, (b) widespread and (c) dangerous.

What is slightly hopeful is that it would at last appear to be the case that enough people have cried "foul" to get BOI's corporate attention. I'm not about to start holding my breath on an upgrade, I have already said that I think the present regime will be continued for at least 18 months to 2 years, simply because the work required to decide what is really needed hasn't been done to a sufficient degree to even allow coding to be considered.

It will indeed be interesting to see how BOI plans to resolve this situation, their IT is creaking at the edges, with regular but so far relatively minor outages that are fundamentally unacceptable in a modern banking system.

It will be a very different story if a major outage occurs, and with the number of times that things go "slightly" wrong, it is only a matter of time before a fundamental failure occurs that can't be recovered quickly.

When it does, the response of all at BOI will be very interesting to watch. Realistically, some heads should already have rolled, but if they have, it's been kept very quiet. A very visible failure will be less easy to hide, and should have repercussions.