Banking Protection annoying bug!

Advocate

Banking Protection annoying bug!

I've recently noticed a new behavior: If a normal(non-banking) website has a HTTPS reference to a PayPal image for donation, then Banking Protection starts. It even started while I was writing this post, after I added an image by URL from PayPal Smiley Embarassed

 

I have this problem in IE and Opera, but not in Firefox, which is also strange. I don't use Chrome but since Opera is Chromium based I guess the problem might occur in Chrome too.

 

 

The image above is enough to trigger Banking Protection in my IE or Opera. That's not how I expect Banking Protection to work.

Image URL is: https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif  

 

EDIT: Sometimes I need to Refresh the page before Banking Protection starts. But my point is: it shouldn't start at all.

15 REPLIES 15
Superuser

Re: Banking Protection annoying bug!

I've noticed that too.  In fact, I've even had Banking Protection launch when viewing emails showing transactions, without the browser being open.

Advocate

Re: Banking Protection annoying bug!

Ok. It's probably the same reason: an HTTPS reference to show an image in an email.

 

It would be interesting if someone with Chrome could test this by viewing this actual thread in Chrome.

If Banking Protection doesn't start right away then Reload the page.

Superuser

Re: Banking Protection annoying bug!

About Firefox (I not sure... about that strange browser);


But, for example, Banking Protection can be not start... if blocked "third-party" cookies (or simply "some kind of" items, which not related with current webpage.....  if here have something about privacy-filters).

For example, it will be with Internet Explorer too.

 

I mean about current "picture".

Superuser

Re: Banking Protection annoying bug!

about HTTPS - probably it's just "one of required things", which needed for initilization of Banking Protection.

 

But here also.... just paypal marked as totally "related" item with online-payments/banking.

I not sure.. but what if during that picture always goes "code" or other.. which certainly related with banking. :)

 

Anyway - with somewhat reasons it's should be detected.. if user start do something around online banking.

 

And sorry - I not really love paypal :) not sure.. that know - how it works :)

Superuser

Re: Banking Protection annoying bug!


@NikK wrote:
I have this problem in IE and Opera, but not in Firefox, which is also strange. I don't use Chrome but since Opera is Chromium based I guess the problem might occur in Chrome too.

 


 

It's funny, it doesn't load in Firefox either for me, but it does in SeaMonkey (which isn't officially supported for BP), and I thought SeaMonkey ran on the same engine as Firefox.  dunno.gif

F-Secure Product Expert
F-Secure Product Expert

Re: Banking Protection annoying bug!

Hi all,

 

Thank you for reporting. This is a known behaviour. This is made so to protect users when banking related action can be taken on a page as Ukko mentioned.

 

This same behaviour should be on every browser.

From my quick tests Banking protection triggers also on FF(27 & 29.0.1).



Best Regards

-Ben

_________________________________

Has somebody helped you? Say thanks by giving likes. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
Advocate

Re: Banking Protection annoying bug!

Thanks for replying Ben.

 

I read a lot of blogs daily and for example the well known security blog http://krebsonsecurity.com/ has never triggered BP before but now triggers it every time. At first I couldn't understand what was going on. Was my F-Secure software perhaps compromised or was krebsonsecurity hacked? (call me paranoid Smiley Wink)  I think this can confuse a lot of F-Secure users.

 

The image in this case is part of a form that when clicked will redirect to https://www.paypal.com/cgi-bin/webscr  IMO, BP shouldn't start until you click that.

 

I expected BP to know the difference when I'm actually visiting a banking site compared to when only an image is loaded from one. I think there must be room for improvements here.

 

Edit: The only cool thing about this is that I'm probably the first person to trigger BP in a community page Smiley LOL

Highlighted
Superuser

Re: Banking Protection annoying bug!

Hello,

 

Probably you able to use F-Secure SAS with current URL.

They have special category (about URLs) with Banking Protection and situations - and maybe it's can be like part of that.

They can to check it more "close" and create something like "should be or not".

 

 

Anyway... for example.... my browsers will be without that behavior. Because.. current picture will be blocked by "filters" as "third party item".

And just "direct" visit for that URL (picture) - work like Banking Protection.

And it's mean... here can be situation, when current one picture... marked as one of "things" (because here HTTPS - it's just main reason for start banking protection - like if you visit.. for example... just main webpage by some of banks - which can be just HTTP; but also here... online-payment source-website like second reason...  and maybe some other reasons for started banking protection), which should be just with "active banking operation". Maybe also adminstrators/developers wrongly used that "mechanism by PayPal" in their services. Anyway - maybe F-Secure SAS can to speedy reaction for that. :)

Superuser

Re: Banking Protection annoying bug!

And like addition...

 

Current "behavior" will be work around any "pictures" from "page", which should be with Banking Protection.

 

Here I mean - if check any random bank-websites.... and if get any picture/any resource from page, where Banking Protection started (and should be start), enough that picture/resource for same behavior. Enough just "font-background"-picture too.

Probably it's normal - because that pictures/resources should be used just with one page, where Banking Protection should be started.

 

Some kind of addition - if someone have Banking Protection during that setting (if it's load from first or during direct visit).

 

Spoiler