Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Unprotected connection to AIB internet banking

  • 08-09-2014 1:00am
    #1
    sonya7
    Registered Users Posts: 44


    Hi folks, so, last Thursday we noticed that the usual protected/secure connection to our AIB personal online banking was suddenly unprotected. We emailed: alert at aib dot ie to inform but no response, today we were told they don't reply from that email Anyway, the same problem persists as of now. We use two netbooks, one has Windows 7 Starter and the other has Windows 8.1 (basic edition) We usually use Opera but sometimes use Chrome. Chrome is showing a grey lock with a warning sign. Opera shows no lock at all. Currently there is no problem when using Firefox or when accessing the site via a Blackberry Playbook (it uses different browsers)

    When we "inspect" the webpage (right click, "inspect element"), we see 3 errors on the AIB login page, this is at their side, not ours - as of course we don't host their site.......We phoned them yesterday (Sunday) and the guy we spoke with said the error is on our side, now he may well be correct, but we don't think so. But again, we could be wrong. We were advised not to log in via an unprotected connection and to phone them again today (Monday) and they'll transfer us to their IT dept. That said we informed AIB of the problem last week but to no avail.

    Does anyone else have the same problem? Does anyone else use Win 7 Starter or Win 8.1 (basic edition)? The guy at AIB said if there was a problem they would have loads of calls about it but hadn't. He said he uses Chrome and had seen no problems. We did ask at a specific IT security forum and were told: problem is on the banks side.

    Of course, that is just an opinion. But if it is the case that it is on AIB's side then it's a hell of a mess. The last thing anyone wants to do is unknowingly log into their online bank a/c through an unprotected connection. So, anyone else have the same problem? Thanks.


Comments

  • #2
    bmm
    Registered Users, Registered Users 2 Posts: 912 ✭✭✭bmm


    Is the start of the url https:/ or is it http:/ ????? The "s" meaning secure ,which is the important piece.


  • #3
    Snake
    Closed Accounts Posts: 1,844 ✭✭✭Snake


    Secure for me on my Xperia Z2 with Google Chrome


  • #4
    _dof_
    Registered Users, Registered Users 2 Posts: 449 ✭✭_dof_


    Yep, seeing the same thing using Chrome on a Window 7 machine.

    The warnings in chrome are indicating it's the links for the form items on the left side of the page are linking to unsecure pages

    So not really a security problem with logging in, the page is encrypted with SSL, and the login details will be encrypted, it's just the links for the form items on the left side of the page are linking to unsecure pages. Sloppy from their side. Should all be https links instead of http.


  • #5
    sonya7
    Registered Users Posts: 44 sonya7


    bmm wrote: »
    Is the start of the url https:/ or is it http:/ ????? The "s" meaning secure ,which is the important piece.
    The login webpage starts with https:


  • #6
    _dof_
    Registered Users, Registered Users 2 Posts: 449 ✭✭_dof_


    It's the links for the list on the left side that contains http not https links

    Current Security Alert - incorrectly using http link instead of https
    Useful Contacts - is okay, that's using a https link
    Help Centre - incorrectly using http link instead of https
    Technical Difficulties - incorrectly using http link instead of https

    That is implemented as a form, so Chrome is reporting that some parts of the form are using unsecure links.

    So its not a problem for logging into your bank account, that part is still encrypted.


  • Advertisement
  • #7
    sonya7
    Registered Users Posts: 44 sonya7


    _dof_ wrote: »
    Yep, seeing the same thing using Chrome on a Window 7 machine.

    The warnings in chrome are indicating it's the links for the form items on the left side of the page are linking to unsecure pages

    So not really a security problem with logging in, the page is encrypted with SSL, and the login details will be encrypted, it's just the links for the form items on the left side of the page are linking to unsecure pages. Sloppy from their side. Should all be https links instead of http.

    Yes, it is probably just some sloppy coding/design but the thing is how come it started showing these errors now and it didn't seem to be the problem a few days ago? Just a couple of days ago Opera had this green lock sign on that login page and now it is just a grey globe sign.


  • #8
    sonya7
    Registered Users Posts: 44 sonya7


    _dof_ wrote: »
    Yep, seeing the same thing using Chrome on a Window 7 machine.

    The warnings in chrome are indicating it's the links for the form items on the left side of the page are linking to unsecure pages

    So not really a security problem with logging in, the page is encrypted with SSL, and the login details will be encrypted, it's just the links for the form items on the left side of the page are linking to unsecure pages. Sloppy from their side. Should all be https links instead of http.

    Yes, it is probably just some sloppy coding/design but the thing is how come it started showing these errors now and it didn't seem to be the problem a few days ago? Until a couple of days ago Opera had this green lock sign on that login page and now it is just a grey globe sign.


  • #9
    Deliberator
    Registered Users Posts: 87 ✭✭Deliberator


    Google is "sunsetting" SHA1...

    Cannot paste link. Apparently I'm a new user...


  • #10
    Deliberator
    Registered Users Posts: 87 ✭✭Deliberator


    Excerpt from googleonlinesecurityDOTblogspotDOTie

    The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.

    That’s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November. HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface.

    SHA-1's use on the Internet has been deprecated since 2011, when the CA/Browser Forum, an industry group of leading web browsers and certificate authorities (CAs) working together to establish basic security requirements for SSL certificates, published their Baseline Requirements for SSL. These Requirements recommended that all CAs transition away from SHA-1 as soon as possible, and followed similar events in other industries and sectors, such as NIST deprecating SHA-1 for government use in 2010.


  • #11
    Rucking_Fetard
    Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Deliberator wrote: »
    Google is "sunsetting" SHA1...

    Cannot paste link. Apparently I'm a new user...
    Need 50 posts.


  • Advertisement
  • #12
    Rucking_Fetard
    Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security Agency
    SHA-2 is a set of cryptographic hash functions designed by the U.S. National Security Agency

    lol


Advertisement