[clug] St George banking only a javascript away
Michael James
clug at james.st
Mon Feb 7 07:29:11 GMT 2005
A while ago internet banking at St George seemed to sputter into life.
(Using Suse 9.2 Pro Linux, Firefox, Sun Java 1.4.2)
Clicking the "Logon" link on the home page took you to:
https://ibank.stgeorge.com.au/html/redirect.asp
This usually did nothing but turn the location bar yellow
denoting HTTPS.
But repeatedly hitting reload would eventually
give a login popup window which worked fine.
As of this year, that stopped happening,
just blank page and no popup.
So I did a view source on the blank page.
It's javascript, it tests the environment
and redirects to:
/html/redirect.asp?bhjs=0
/html/redirect.asp?bhcp=1
/html/redirect.asp?"+rs+"&bhqs=1"
/html/redirect.asp?"+rs+"&bhqs=1"
Hand typing either
https://ibank.stgeorge.com.au/html/redirect.asp?bhjs=0
or https://ibank.stgeorge.com.au/html/redirect.asp?bhjs=1
will get you a login window that works fine.
What are they testing for?
Why does it fail to progress?
Does it progress for you?
(I tried turning on all javascript permissions
and it still goes nowhere for me.)
Does this amount to deliberately denying Linux?
The testing javascript follows:
<HTML><HEAD>
<!-- These scripts are provided under the terms of the BrowserHawk
license agreement
and may not be copied or used otherwise. [7, 0, 1, 0 Enterprise] See
cyscape.com for details.
Copyright (C) 1999-2003 cyScape, Inc. All rights reserved.
-->
<noscript><meta http-equiv="refresh" content="0;
url=/html/redirect.asp?bhjs=0"></noscript>
<script language="JavaScript">
<!--
function bhawkTest() {
var bhjv = escape('Java N/A');
if (document.bhjvmd) bhjv = escape(document.bhjvmd.getJavaVendor());
var rs = "bhjv="+bhjv;
if (document.cookie.indexOf("bhCookieSess=1") != -1) {
document.cookie = "bhResults="+rs+"; path=/";
document.cookie = "bhPrevResults="+rs+"; path=/";
if (document.cookie.indexOf("bhResults") != -1)
self.location.replace("/html/redirect.asp?bhcp=1");
else self.location.replace("/html/redirect.asp?"+rs+"&bhqs=1");
}
else self.location.replace("/html/redirect.asp?"+rs+"&bhqs=1");
}
// -->
</script>
</head><title></title>
<noscript><body onLoad="bhawkTest();"></noscript>
<script>document.write('<body onLoad="bhawkTest();">');</script>
<script language="JavaScript">
<!--
if (navigator.javaEnabled()) document.write('<applet
code="JVMDetector.class" name="bhjvmd" width=1 height=1><param
name="legal" value="This is copyrighted software and provided under
license cyScape, Inc. (www.cyscape.com). All rights
reserved."></applet>');
// -->
</script>
</body></html>
More information about the linux
mailing list