Thank you for this forum. I am posting my findings for end users who might not be network literate.
This past weekend I got the same NoScript window, as I had just installed the NoScript extension per Firefox's recommendation.
Not seeing this forum first, I immediately got ahold of RBC online banking support regarding the NoScript window of all the financial websites displayed.
After two levels of general end-user support, and at my request, RBC transferred me to their IT support team.
I was concerned over the various around the world financial institutes displayed like Russia, etc., when all I was doing was interacting with their online banking server to check my Visa account.
There was only arrogance from the IT RBC person not answering my question on "why the various financial signin sites listed in the NoScript window".
As he stated, they were on top of things and didn't need an end user's eyes or ears input on potential security issues.
I asked if there was an appropriate server that I could uplift the NoScript HTML file to for their post processing --- similar to high tech companies like Apple.
At least they have evidence of possible security breaches.
No was his answer.
The IT guy lectured me on my lack of Cross-Scripting knowledge and then abruptly hung up. Not a pleasant support experience.
Their security support is very minimal, with no potential security facilities / reporting in place except by phone.
Their approach is bottom-up. Take up the issue at the branch level, and they will forward the report to the appropriate department.
RBC have plenty of online documents and forms on "how to lodge a complaint" but none specific to computer security issues: fraud yes but not technical.
There are no FAQs recommending cross-scripting protection, or examples of NoScript findings for their online banking clientele.
After this unsettling experience, I found your forum and posts comforting:
- Your posts on potential credential leakage calmed my paranoia of potential RBC internal financial site data squirreling for future internal RBC personnel theft?
From Firefox debug tool, the following was established:
1) The cross-scripting occurs WHEN THE "SIGNIN" button is clicked but before the user information is entered.
2) There is a time lag on when the NoScript window pops up after the user credentials are inputted when the debug tool is not active.
Per first post in this list.
Conclusion:
There is no credential leakage as per previous posts.
I find it strange that this issue was reported in 2018, and still not corrected by RBC.
What RBC does with the "around the world financial websites" list is in their own internal software domain but having it publicly on display for possible other hackers to use is rather unsettling.