NetSurf users hit by HSBC account freezePublished: 23rd Oct 2006, 03:19:16 | Permalink | Printable
RISC OS machines accused of being backdoored by virusesNetSurf users are reeling from HSBC's shock decision to suspend their accounts because their RISC OS computers are allegedly infected with spyware. The high street bank has confused the open source browser NetSurf with a strain of PC malware going by the same name, and has locked their customers out for security reasons, it is believed.
Days after celebrating the fact that NetSurf was finally able to log into the HSBC online banking website, RISC OS users were stunned when letters dropped on their doormats telling them they were banned from using their accounts. Punters say they were forced to turn up at their local branch with photo ID and sign a form promising to use Microsoft Windows XP with anti-virus software installed before they could access their money again.
In the letter, HSBC told RISC OS users: "An unauthorised person may have used your internet banking security number to log on to your Personal Internet banking. We believe that a PC that you use to log on to Internet banking may be infected with spyware. It is important that you do not use this computer until the problem has been identified and fixed. Some spyware programs can log your keystrokes, gathering personal data, then sending this to criminals."
There have been no reports of the existence of any Internet-based spyware for RISC OS. NetSurf and HSBC user Dave Ruck said the bank's decision had left him "nearly destitute" and "probably seriously overdrawn" with no way of paying off his bills. Another user, Tim Hill, fumed: "It is simply not good enough to test a website with a handful of mainstream desktop browsers or limit access in that way."
A HSBC technical support staffer said in response to complaints: "I cannot unfortunately confirm whether you would be able to access the accounts again using [NetSurf] or if the accounts would again be disabled. I have however escalated the matter to the concerned department who would be looking into the issue you faced. In the interim however, please use the browsers supported by us to access your accounts as these are browsers have been tested on our sites."
Through its so-called 'user-agent', NetSurf declares its name and version to websites as simply 'NetSurf' - whereas many other browsers lie and claim to be the latest release of Microsoft Internet Explorer running on Windows to dodge careless checks introduced by lazy webmasters. It is thought a piece of harmful PC spyware that is known to identify itself as 'netsurf.exe' is being confused with the NetSurf web browser, and therefore setting off alarm bells at HSBC.
Over the weekend, the NetSurf development team stressed they could not confirm that the problem was due to NetSurf's user-agent. Coder James Bursa said it is possible an unknown bug in NetSurf's handling of cookies or forms may have triggered HSBC's security systems. The team are sticking by their decision not to change the user-agent string, adding that punters can download and edit the source code if they want to change it. The release of NetSurf 1.0 will likely see the browser user-agent declare itself along with a version number and other details, according to James.
HSBC say they will only support Internet Explorer and Netscape on Microsoft Windows, Apple Mac or GNU/Linux systems.
Previous: South East 2006 show report
Next: HSBC embraces NetSurf and RISC OS
DiscussionViewing threaded comments | View comments unthreaded, listed by date | Skip to the end
Please login before posting a comment. Use the form on the right to do so or create a free account.
Search the archives
Today's featured article
Brush up your ARM coding skills with Matthew Bloch's assembler guide
Discuss this. Published: 27 Feb 2001
Spread compiler work over your network
Alex 'Sunfish' Waugh ports distcc to RISC OS
Discuss this. Published: 11 Feb 2007
News and media:
RISCOS Ltd •
RISC OS Open •
MW Software •
Advantage Six •
CJE Micros •
Liquid Silicon •
Chris Why's Acorn/RISC OS collection •
The Register •
The Inquirer •
Apple Insider •
BBC News •
Sky News •
Google News •