Not only iPhones
I get it on Ubuntu too. If I have time, I might try calling HSBC and say I'm having difficulty installing Raport - some light entertainment for the afternoon.
HSBC's iPhone app for online business banking warns customers that their reassuringly expensive Apple mobiles are in fact PCs - and insecure ones at that. In a surprising cock-up, the bank's app incorrectly identifies the shiny phones as Windows PCs, and scolds fanbois for not having security watchdog software Rapport …
Any Linux in fact, but they've now made it worse as you have to get reminded every 8 days. I contacted them previously asking why they insisted on prompting me to download and install a product which doesn't run on my machine and they replied with some garbage about it being in the public interest. Are they telling me they can't set an opt-out cookie or detect my OS is one of those they provide the software for (assuming I don't refuse cookies and obscure my OS)?
You're lucky they actually listened. When I tried to fix a problem with RBS's online banking a few years ago (it just kept refusing to allow me to log on even when using the correct credentials with someone watching over my shoulder to check I was doing it right), they just claimed that they did not support any OS other than Windows and OSX, and suggested I get another PC.
Turned out to be a bug in their code causing buttons to be off the screen, and also mis-handling the return key as a form completion action.
Eventually I did get put through to someone who knew a little about Linux (after having the access blocked and enabled at least three times), who was able to confirm that their login process was not working with Firefox on Linux. They did even fix it!
Not just the ones with the creepy Chinese kids planning world domination, but that they put the same adverts on all the world's jetways. So the last thing you see before getting on a plane is an HSBC ad, then ten hours later you emerge, shattered, apparently in the same place.
You have to give them credit, where credit is due, these b*stards have put aside NINE-BILLION POUNDS to clean up their laundry business and they haven't even started looking at Euribor.
This is the world's largest criminal entity with branches all over the world''Now you can add blackmail, My Secure(sic)Key hasn't arrived so the said OK, you're OK until September.
Imagine my surprise, and extreme annoyance when, last Friday I couldn't access my account. The InterNet Banking mob said no money until you use Secure(sic)Key - and I'm in the Far East.
A rough guess off the top of my head is that 90% of Linux users are IT literate enough not to be fazed by the message, and to see it as a bit of a giggle as did 'My Alter Ego'. No great worries.
The other 10% might have a Linux box set up for them by a family member, for the purposes of online banking and maybe skyping grandchildren.
(Terrible generalisations, I know)
Well it could serve as a good warning that the free fraud detection software being pushed is not even capable of identifying the client OS. I find this particularly interesting from an IT angle, not to mention that if people actually rely on this software and it stumbles at the low hurdle of stepping over the 1/2" threshold of installation then this is particularly worrying. Having worked in the software industry for a good while now, if your installation sucks donkey balls then your software is so full of bugs it probably cannot be considered a product.
So let's call this article a review from the wild in case any security folks are considering a purchase. Purchase product, create false sense of security, and effectively increase fraud and support calls.
"...their reassuringly expensive Apple mobiles..."
"...the shiny phones..."
Ms Leach is, yet again, attempting to be the one who mocks Apple most in what I can only imagine is some desperate attempt to be promoted to the role of journalist.
Perhaps she should open a dictionary and look up "objective", and "unbiased" first.
"Ms Leach is, yet again, attempting to be the one who mocks Apple most in what I can only imagine is some desperate attempt to be promoted to the role of journalist."
And perhaps you might read The Register for a while longer and realise that they are equal-opportunities mockers. It's not just Apple - they'll mock anyone. It's their house style, just as much as trendy leftiness and muesli-knitting is the house style of The Guardian, or reactionary hating of minorities and foreigners is the house style of the Daily Mail.
They could put it on the masthead: "The Register: They code. We mock." It's what makes it worth reading.
This post has been deleted by its author
Disingenuous - even sophistry.
So if HSBC assumes a PC running windows, cue mocking of Apple & Apple users.
No mockery of Linux in its various incarnations?
No mockery of Linux users?
No mockery of Android?
No mockery of Android users?
Equal mockery?
PS
I've been reading The Register for over 10 years, so perhaps your patronising could be addressed at the same time as your sophistry.
Apologies for being patronising. I guess I've been reading the Register for about the same length of time. No harm intended. Nonetheless, I do think they're pretty even-handed in their mocking. But I don't use Apple products (not because I don't like them, I just can't afford them) so I'm not especially sensitive to their treatment.
So HSBC want me to "download" some random software despite the fact that I have
1. No idea if this will impact on any other software that I have installed (or indeed includes some unknown holes that will place other areas of my on line activity at risk, and
2. ignores the fact that I have very good anti virus and anti spyware/malware software installed and with which I sweep my machine regularly.
Not the first HSBC annoyance. the new generation ATM they installed at my local branch is the only one that I am aware of on our high street that DOESN'T have a facility for ATM Deposits. Inquiries in branch suggest that they have been told that deposit accepting machines are no longer available from the manufacturers... and the helpful suggestion that there is a lobby service 20 miles (and a toll bridge crossing) from me.
HSBC is looking increasingly inept and disconnected from the real world - it is probably time for me to move my account to a better bank.
LMFTFY
HSBC is incredibly inept and disconnected from the real world - it is probably long past time for me to move my account to a better bank
Funnily enough I was telling the missus last night that I was going to move the joint account to another bank. HSBC have been horrific for years now (especially when it comes to charges) so I've been moving everything over to other banks. They're all pretty poor, but some are worse than others.
t is probably time for me to move my account to a better bank
If you have a business a/c you should have done that long ago - any criminal can trick HSBC into giving your money away to them by simply changing your Companies House records - they don't even need to be on the account mandate..
the Question is, where do we move our accounts?
I have moved mine twice in the last 2 years because of the crap service and silly charges certain banks impose. You then have others trying to fiddle things. Where would our money be safe?
They also need a more standardised moving procedure. Yes I know it is much easier now than it was but I should be able to move it as if I was changing braodband suppliers.
Funnily enough the only British bank that hasn't managed to piss me off for the last 20years is First Direct - ironiclly owned/part of HSBC.
ps. HSBC is even more incompetent here in the colonies. The world's favourite bank - in the same way that Malaria is the world's favourite parasite.
Go with the Co-op. I switched to them years ago from HSBC, and have been immensely impressed. Although, they do still bug me about that Rapport crap. I'm not installing a pointless, deeply-rooted resource hog with low-level access on my machines. Good basic AV + non-IE browser + big pile of common sense = safer banking. And if anyone mentions Linux I'll slap them.
However, as a loyal Coop/Smiler for the last decade, they've been promoting Rapport every time I log in. Did so once on my Mac and the spinning ball of death was a constant companion until i disabled it. Surely easier to suggest people have good virus protection and go banking over Tor or something of that ilk??
I use a Mac Pro, and have had Rapport installed since it was first recommended by the Co-Op. Naturally I checked it out thoroughly before installing it, but I'm happy to do so as any assistance given in keeping assorted Romanians, Russians etc., away from my hard-earned is welcome.
No, it seems to have no adverse impact at all on the operating speed of my Mac - but of course, YMMV according to your individual config.
... that was flagged up for having some gaping security flaws itself a few months back?
Santander nag about it too, but a little more smartly by the sounds of it, so on my desktop I have (for their site) been able to set the browser agent appropriately so as for them to believe it incompatible - which strictly speaking it is anyway, since AFAIK Rapport does not run on Iron, only pukka Chrome.
What they don't tell you is that most of the shitheads pushing this POS have a little trick up their sleeves. Once they've detected it being used the first time, any subsequent attempt to connect from a machine lacking it gets the Foxtrot Oscar treatment. Trying to get your account "unblocked" afterwards is like attempting to climb the North Face of the Eiger in clogs and mittens.
Or in other words:
1) It's a bloated, poorly written clog.
2) It hides itself deep in the OS.
3) You can't uninstall it without breaking something important.
4) Trying to uninstall it merely proves that the uninstall process is b0rken.
5) It throws false positives around like confetti. All time favourite example of this was when a relative who'd been strongarmed into using it found it flagged and disabled the BT Broadband client driving their old skool ADSL modem at the time. So they could access their bank "safely", if they'd been able to access the internet at all......
Ticks all the boxes to qualify as malware for me. Makes Sony's world-famous DRM system look like a shining beacon of best practice by comparison.
As Trusteer seem to have managed to get many of the major banks to sign up to their shit, I can't help thinking that if they spent half as much money and effort on their software as they obviously do on sharp-suited sales weasels, schmoozing clients and backhanders, they might have a decent product......
Yep it is annoying that Santander do this too.
It shows on Linux and even if I hit the main site on a Nokia Symbian phone (not the m. mobile site).
I can't install it on the work machine, I wish there was an option to not show this message again.
According to the pedia of wiki (ie. pinch of salt but nonetheless...):
"Some users have reported problems with Rapport, including high CPU utilisation and difficulty in removing the software.[10] Recently, updates made to Rapport have caused user machines to fail at boot-up with a Blue Screen of Death; the problems are resolved by renaming the file RapportEI.sys.[10]
In a recent presentation given at 44con, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial."
Why? If they can keep the mafias money safe then they are probably a better bet than any other bank.
RBS goes down, we pay them out and they get 6 figure bonuses.
HSBC goes down they end up face down in the river
Hmmm, I wonder who has the best incentive to do their bloody job right?
I assume they have some kind of user agent sniffer which looks for some string which says rapport is there and if it's not redirects the user to a warning page. Of course, if the sniffer was doing its job properly it would ignore people whose OS was not Windows or Mac, or at least direct them to a more relevant warning to their platform.
You know it surprises me that on even this site no one has realized that this probably isnt actually a problem.
Its very likely that the browser on the phone is set up to identify itself as a desktop browser (most probably IE). If it apes IE like the Symbian 7.3/7.4 browser then rapport is probably pulled down to install because of the numerous security problems with IE and the fact the server side equipment cannot tell the difference between an idiotOnSlab device (or Symbian or Android) masquerading as desktop IE and the real thing.
I have the dubious joys of banking with the "Worlds Local Mafia Front" and I use Opera on both desktop machines and phones/handhelds. I have never run into this 'rapport' request and it is not installed on my netbook running Windows 7.
Maybe someone from HSBC should clarify *exactly* what the usage cases are for this 'rapport' client and when and on what systems it is installed?
** Historical side note, Israel, for the last 1880 years has been referred to as 'Zion'. To be classified as a 'Zionist' for the majority of that time means nothing more than 'Jewish person wanting to go back to the 'home'land that Cyrus nicked for them'. Calling a piece of software that is written and produced in that country 'Zionist' is therefore entirely correct, if inflammatory, just the same as calling agrochemicals manufactured by Makteshim Agan the same thing is therefore entirely correct (just dont mention to the BASF sales director that you are buying from them...). The fact that every commentard on this thread has fallen for it, and claimed membership of the 'tinfoil hat brigade' for the person who mentioned it shows the usual lack of knowledge of the situation. Oh, and please remember, Israel are not the most popular country in that neck of the woods, something to do with the odd pre-emptive attack, being funded by the USA (well known for their respect for national boundaries), not to mention the odd 'what, other countries have legal rights over and above our thirst for revenge, who knew?' illegal extraction of wanted war criminals.
"Historical side note, Israel, for the last 1880 years has been referred to as 'Zion'. To be classified as a 'Zionist' for the majority of that time means nothing more than 'Jewish person wanting to go back to the 'home'land that Cyrus nicked for them'"
I think the operative word in that quote, is majority. Words chage their meaning over time, and since the early 20th century, the implication of the word 'Zionist' is that of a Jewish conspiracy. Whilst accusing the Jews of various crimes was historically a favoured past-time amongst the Christian peoples, it has fallen out of favour somewhat in the last century or so, along with the use of the swastika as a symbol of peace.
Therefore, to write about 'zionism' these days implies that the author believes there is a worldwide Jewish conspiracy, beyond the legitimate interests of the modern state of Israel. The author has duly earned his (or her) tinfoil headwear as a result of this misapprehension.
Actually no - all it means in the purest form of the word 'meaning' is Zionist as I stated previously.
You are making the assumption that because some people floating around in the 18th, 19th century who were using the 'Zionist' label as an excuse for political troublemaking - that this person is trying to resurrect the same thing. Not to mention the fact of those lovable rogues known to history as the NSDAP.
90% of the people outside right-wing-nutjobs clubs, historians and the Jews (for whom it is a large part of their recent history) would have the faintest clue what 'Zionism/Zionist' actually means.
Heres a different thought - since the events of 33-45 - people dont like using the term 'Jewish' because of its connotations of racial abuse. Since 'Judean' is a little too retro, and Ashkenazi/Sephardim too confusing for the average chav.. using the term 'zionist' has no racial connotations.
Don't label people with your own assumptions and point of view when you know nothing about them.
If I may direct your attention to the beggining of the article and the only image, you'll quickly notice that it is an iPhone. Which (normally!) uses this useragent:
Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3
Depending on you version of iOS, 5.0 in the case of this particular useragent. To avoid this misshap all that needs to be checked for is the word "Mobile" and possibly "iPhone" if you want to be clever and doubly sure.
What I think has happened is somebody is just checking for "Mac OS X", "Windows" and "Desktop" and ignoring everything else. If I'm not mistaken there is a lovely little piece of JavaScript you can get that will not just tell you the kind of device (phone, laptop, desktop, tablet) but also the OS and particular device in most cases.
And not forgetting their terrorist activities including such pleasantries as deliberately targetting and and shooting children, using children as human shields, targetting medics and hospitals, shelling public beaches and civilan areas in general, numerous extrajudicial targetted excutions and murders - and using white phosphorus on civilians....
It's funny that HSBC are so obviously cutting back in departments that actually count and yet they're making billions laundering money for middle eastern dictatorships(or not)...typical upper management..."Testers...surely the developers we outsourced in India do enough testing!" Even though their contract clearly stipulates they are responsible for development only.
Just speculating...and yes I'm a dev in a department who's just had our budget slashed by those 'up there' because they don't think it's necessary. Apparently quality control is so 20th century.
Bloated, inefficient, insecure and wholly unnecessary. Trusteer's known for having done deals with some of the UK's major banks (and some overseas) to push their Rapport security software. It probably works OK on an unprotected machine with no antivirus/internet security package but I've only ever seen it cause problems on a patched, protected machine.
Usually on those machines there's some fundamental loss of functionality - inability to access the Internet, error messages or crippled behaviour. Guess what fixes it? Removing the Rapport software. Terrible piece of sloppy programming which achieves nothing except infuriating the user.