[clug] St George banking only a javascript away

Michael James clug at james.st
Mon Feb 7 07:29:11 GMT 2005 

A while ago internet banking at St George seemed to sputter into life.
(Using Suse 9.2 Pro Linux, Firefox, Sun Java 1.4.2)

Clicking the "Logon" link on the home page took you to:
	https://ibank.stgeorge.com.au/html/redirect.asp

This usually did nothing but turn the location bar yellow
 denoting HTTPS.
But repeatedly hitting reload would eventually
 give a login popup window which worked fine.

As of this year, that stopped happening,
 just blank page and no popup.

So I did a view source on the blank page.
It's javascript, it tests the environment
 and redirects to: 

	/html/redirect.asp?bhjs=0
	/html/redirect.asp?bhcp=1
	/html/redirect.asp?"+rs+"&bhqs=1"
	/html/redirect.asp?"+rs+"&bhqs=1"

Hand typing either
	https://ibank.stgeorge.com.au/html/redirect.asp?bhjs=0
 or	https://ibank.stgeorge.com.au/html/redirect.asp?bhjs=1
 will get you a login window that works fine.

What are they testing for?

Why does it fail to progress?
Does it progress for you?
 (I tried turning on all javascript permissions
 	and it still goes nowhere for me.)

Does this amount to deliberately denying Linux?


The testing javascript follows:


<HTML><HEAD>
<!-- These scripts are provided under the terms of the BrowserHawk 
license agreement
and may not be copied or used otherwise. [7, 0, 1, 0 Enterprise] See 
cyscape.com for details.
Copyright (C) 1999-2003 cyScape, Inc. All rights reserved.	
-->
<noscript><meta http-equiv="refresh" content="0; 
url=/html/redirect.asp?bhjs=0"></noscript>
<script language="JavaScript">
<!--
function bhawkTest() {
  var bhjv = escape('Java N/A');
  if (document.bhjvmd) bhjv = escape(document.bhjvmd.getJavaVendor());
  var rs = "bhjv="+bhjv;
  if (document.cookie.indexOf("bhCookieSess=1") != -1) {
    document.cookie = "bhResults="+rs+"; path=/";
    document.cookie = "bhPrevResults="+rs+"; path=/";
    if (document.cookie.indexOf("bhResults") != -1)
      self.location.replace("/html/redirect.asp?bhcp=1"); 
    else self.location.replace("/html/redirect.asp?"+rs+"&bhqs=1");
  }
  else self.location.replace("/html/redirect.asp?"+rs+"&bhqs=1");

}
// -->
</script>

</head><title></title>
<noscript><body onLoad="bhawkTest();"></noscript>
<script>document.write('<body onLoad="bhawkTest();">');</script>
<script language="JavaScript">
<!--
if (navigator.javaEnabled()) document.write('<applet 
code="JVMDetector.class" name="bhjvmd"  width=1 height=1><param 
name="legal" value="This is copyrighted software and provided under 
license cyScape, Inc. (www.cyscape.com). All rights 
reserved."></applet>');
// -->
</script>

</body></html>

More information about the linux mailing list