Unprotected Connection, AIB Internet Banking

lilies

Registered User
Messages
20
Hi folks, so, last Thursday we noticed that the usual protected/secure connection to our AIB personal online banking was suddenly unprotected, so, we contacted AIB. Anyway, the same problem persists as of now. We use two netbooks, one uses Windows 7 Starter and the other uses Windows 8.1 (basic edition) We usually use Opera (browser) but sometimes use Chrome. Chrome is showing a grey lock with a warning sign. Opera shows no lock at all. Currently there is no problem when using Firefox or when accessing the site via a Blackberry Playbook (it uses different browsers)

When we "inspect the page" (right click, "inspect element"), we see 3 errors on the AIB login page, this is at their side, not ours - as of course we don't host their site.......We phoned them yesterday (Sunday) and the guy we spoke with said the error is on our side, now he may well be correct, but we don't think so. But again, we could be wrong. We were advised not to log in via an unprotected connection and to phone them again today (Monday) and they'll transfer us to their IT dept. That said we informed AIB of the problem last week but to no avail.

Does anyone else have the same problem? Does anyone else use Win 7 Starter or Win 8.1 (basic edition)? The guy at AIB said if there was a problem they would have loads of calls about it but hadn't. He said he uses Chrome and had seen no problems. We did ask at a specific IT security forum and were told: problem is on the banks side.

Of course, that is just an opinion. But if it is the case that it is on AIB's side then it's a hell of a mess. The last thing anyone wants to do is unknowingly log into their online bank a/c through an unprotected connection. So, anyone else have the same problem? Thanks.

EDIT: Have asked elsewhere, other Irish and international online forums, about this and we were told yes, there is a problem and yes, it is on the banks side. Seems that whoever designed/coded the AIB page did it incorrectly, sloppily may have been the term used, and that is why pages are showing as unprotected, I'm unsure whether they are in fact unprotected though, but they are not, as they should be, showing the green lock/protected sign because of the errors on AIB's side. This is something they should address. Call me picky but it doesn't exactly, em, instill confidence.
 
Hi,

Am having this problem also. It was originally only on internet banking but appears now on all https pages and only when using Google Chrome. Firefox and Internet Explorer seem to be fine. Am also on Windows7.
 
Using Windows 8.1 64 bit here with Chrome Version 37.0.2062.103 m and I am seeing the following errors on the Chrome console:

The page at 'https://aibinternetbanking.aib.ie/inet/roi/login.htm' was loaded over HTTPS, but is submitting data to an insecure location at 'http://www.aib.ie/securitycentre': this content should also be submitted over HTTPS.

login.htm:146
The page at 'https://aibinternetbanking.aib.ie/inet/roi/login.htm' was loaded over HTTPS, but is submitting data to an insecure location at 'http://www.aib.ie/ibhelp': this content should also be submitted over HTTPS.

login.htm:151
The page at 'https://aibinternetbanking.aib.ie/inet/roi/login.htm' was loaded over HTTPS, but is submitting data to an insecure location at 'http://personal.aib.ie/help-and-guidance/technical-help-system-settings': this content should also be submitted over HTTPS.

These are appearing since the main page is HTTPS, but those three forms are being submitted to a HTTP URL (the action attribute of the form). Clicking on them will bring you from a secure (HTTP) page to an unsecure HTTP page, which is what it is complaining about.

It's sloppy coding but is not insecure from sending your login details, as it is not part of the form submission for the login, its just the three links at the left hand side (Current Security Alert, Help Centre and Technical Difficulties). Useful Contacts is fine as it uses HTTP in the form action attribute. I dont know why they are form submissions anyway, they should just be <a> anchor links.
 
I have submitted a detailed email to AIB security centre about this, as it will cause confusion and worry for users.
 
Hi username,

Thanks for the reply. Just wondering if you have heard anything back from AIB as I see the situation is still the same. I'm using a different browser just for internet banking to avoid this problem.
 
Changing browser doesn't avoid the problem, it just masks it. Chrome is better at reporting errors/violations than other browsers, so the issue is there no matter what browser you use.

No haven't heard anything back, nothing at all :mad:
 
Hi folks, we phoned them but they said they couldn't help as it was a job for their technical dept and they don't speak to customers directly, we emailed them several days ago to [email protected] (having been told to, they don't reply from [email protected]) - no response. Thing is every other bank is fine: Ulster Bank, BOI, Irish Permanent, KBC, Rabo etc, the screw up is only with AIB. What a joke for a bank having been informed days ago to have done absolutely nothing about it. For now we're using Firefox on pc and Origami browser on Blackberry Playbook. It's ok on those - for us anyway. It's a ridiculous situation for a bank login page.
 
It's sloppy coding but is not insecure from sending your login details, as it is not part of the form submission for the login, its just the three links at the left hand side (Current Security Alert, Help Centre and Technical Difficulties). Useful Contacts is fine as it uses HTTP in the form action attribute. I dont know why they are form submissions anyway, they should just be <a> anchor links.

I agree. Very bad practice from a developer point of view , but no security issues as no personal information is passed over the http connection.

I think the word sloppy sums it up nicely.
 
Just got an email back from AIB, they are forwarding it to their IT dept. "Thank you for your email. I have sent your query onto the IT department who will investigate this for you further."
 
Back
Top