Re: My bank doesn't require JS
A UK bank I use appears to have made a change to the code/behaviour of their Online Banking in the past month or so. I only noticed when I tried to download the latest monthly statement and nothing happened when I clicked on it - apart from that issue I see no other functionality problems.
As I have a very locked-down browser I checked and noticed 2 new bank subdomains being blocked that wanted to load some JavaScript. Not entirely unusual - websites are changed all the time. So I permitted those 2 subdomains and then noticed my browser making requests to 3 "obscure" domains of the form "1.<very long seemingly random name>.com. A "whois" showed the 3 registered at the time date/time about 4 years and the domain owner's name is hidden behind a proxy domain registration company.
These strange web requests are *definately* triggered by enabling the 2 new bank subdomains - if I disable them again then no traffic to the strange domains occurs, re-enable them and it starts again immediately etc
I suspect this traffic is not due to a hack but rather is a new analytics company that the bank has started using in the past month (analytic companies like to use "obscure" domains). However the traffic is suspicious - not the sort of thing I would expect a "secure" online banking system to do.
I've phoned the bank and as expected got nowhere with that approach. I've opened a "help" ticket in online banked and provided "developer mode" screenshots of my brower's requests when this happened.
I suspect it will be a long slow effort to get the bank to comment on this.
Biting the hand that feeds IT
