[shameless plug] Re: [clug] New script based Phishing makes Windows even less safe.

Bob Edwards Robert.Edwards at anu.edu.au
Thu Nov 11 01:58:55 GMT 2004

Actually, I should have also said that I am very pleased that my bank
(Which Bank?) have been Linux-friendly for quite a while and I am happy
to turn on Javascript on my Linux machines in order to access it.

However, there are browsers that don't do Javascript (think thin clients
etc.), it can be a security issue for other (older) browsers and I don't
know why Commonwealth Bank insist on using it.

As Matt pointed out, Westpac don't even need Javascript on their site -
so it clearly can be done!

Either way, I would feel a little more confident with some sort of one-
time password system such as the one Martijn has discussed in use in
the Netherlands.


Bob Edwards.

Pearl wrote:
> Really?  I never noticed that it required javascript (I never turn off 
> javascript).  Still, I think the most important thing is it has worked for 
> ages in Linux, even in non-Gecko based browsers without you needing to do 
> anything special.  You have to give Commonwealth credit for that...
> Pearl
> On Thu, 11 Nov 2004 10:55 am, Bob Edwards wrote:
>>Your definition of "plain HTML" and mine are a little different.
>>Whilst I agree that the Commonwealth Bank site runs without requiring
>>Java support at the browser, it does require Javascript - arguably a
>>more insidious threat on some browsers. Requiring Javascript at the
>>browser disqualifies it from "plain HTML" in my book.
>>Bob Edwards.
>>Pearl wrote:
>>>Commonwealth also uses plain HTML with encryption and have for years. 
>>>They do use java to display a banner ad though.  Why they choose to do
>>>this is beyond my comprehension because as far as I can tell it is simply
>>>a plain banner ad. All I know is if I don't have java installed the only
>>>thing that doesn't work is the banner ad.  It works in Konqueror, Opera
>>>and Gecko based browsers (in Windows and Linux).

More information about the linux mailing list