Re: FireFox and Bank haPoalim
These are good news. But the fix is not complete. If you go to Meida Meatar Isracard, the right hand menu is still reversed. So, I continue to use Effie's extension... :'( Ilya Konstantinov wrote, On 21/12/06 20:25: Looks like the bank has finally fixed the reversed menus on Firefox. The Javascript code that previously caused the bug is no longer there and has the comment // new above it. The sources also refer to Firefox in various points, so it looks like they're no longer oblivious to Firefox (though they still won't openly cooperate with the development team). On 12/10/06, Michael Sternberg [EMAIL PROTECTED] wrote: I still did not heard the asnwer to question why its so hard for Bank haPoalim to fix their site for so long time. Or why Linux fans/Israel Open Source community/haMakor did not asked them to do so. BTW, there is no problem with reversed hebrew while using Internet Explorer :) = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Dr. Zvi Har'El mailto:[EMAIL PROTECTED]Department of Mathematics tel:+972-54-4227607 icq:179294841Technion - Israel Institute of Technology fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/Haifa 32000, ISRAEL If you can't say somethin' nice, don't say nothin' at all. -- Thumper (1942)
Re: FireFox and Bank haPoalim
Looks like the bank has finally fixed the reversed menus on Firefox. The Javascript code that previously caused the bug is no longer there and has the comment // new above it. The sources also refer to Firefox in various points, so it looks like they're no longer oblivious to Firefox (though they still won't openly cooperate with the development team). On 12/10/06, Michael Sternberg [EMAIL PROTECTED] wrote: I still did not heard the asnwer to question why its so hard for Bank haPoalim to fix their site for so long time. Or why Linux fans/Israel Open Source community/haMakor did not asked them to do so. BTW, there is no problem with reversed hebrew while using Internet Explorer :) = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
Quoting Zvi Har'El, from the post of Fri, 08 Dec: Once you installed it, it really doesn't matter if somebody later breaks to Effie's site (to Effie it would matter :'( ). If you haven't installed it yet - you can download it, and examine the file contets (an XPI file is just a fancy extension to a ZIP archive) before installing it (from the local file, of course). I would do it even if the file were signed, and even if it came by a stork directly from mozdev :-) . signed by whom? I never realised mozilla extensions come signed. what's the PKI? -- Stupid is as stupid does Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
On 08/12/06, Zvi Har'El [EMAIL PROTECTED] wrote: fancy extension to a ZIP archive) before installing it (from the local file, of course). I would do it even if the file were signed, and even if it came by a stork directly from mozdev :-) . So is this what you do for every extension you install from Mozilla's addons extension catalog? Or do you avoid installing any Firefox extension? --Amos
Re: FireFox and Bank haPoalim
Just being a bit argumentative, you have 2 issues with this claim: 1) You can't tell by that logic if the zip has already been cracked. The many eyes principle says that only you is probably not enough. Now, if it was tab mix plus... :) 2) 6 months from now, when it will ask for an update, someone will probably forget the original reasoning for installing an unsigned xpi and will update the file. On Friday 08 December 2006 08:07, Zvi Har'El wrote: Once you installed it, it really doesn't matter if somebody later breaks to Effie's site (to Effie it would matter :'( ). If you haven't installed it yet - you can download it, and examine the file contets (an XPI file is just a fancy extension to a ZIP archive) before installing it (from the local file, of course). I would do it even if the file were signed, and even if it came by a stork directly from mozdev :-) . Amos Shapira wrote, On 07/12/06 23:28: On 08/12/06, *Oded Arbel* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Thu, 2006-12-07 at 18:38 +0200, Ilya Konstantinov wrote: While I agree this is risky, I must correct your assumption that the fact this extension claims to deal with a banking site makes it more or less likely to be spyware. I think the main issue is that it's unsigned - it means that a cracker who breaks into Effie's web site and installs a modified version won't be caught by the extension singing mechanism. I might be naive, but I pretty much trust Effie himself not to do any monkey business with his own extensions. -- Regards, Tzahi. -- Tzahi Fadida Blog: http://tzahi.blogsite.org | Home Site: http://tzahi.webhop.info WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
I install extensions, but check what they do... Of course, with popular extensions you can rely on the fact that somebody else checked them, but when it goes to your bank account, you cannot be too careful. Amos Shapira wrote, On 08/12/06 11:12: On 08/12/06, *Zvi Har'El* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: fancy extension to a ZIP archive) before installing it (from the local file, of course). I would do it even if the file were signed, and even if it came by a stork directly from mozdev :-) . So is this what you do for every extension you install from Mozilla's addons extension catalog? Or do you avoid installing any Firefox extension? --Amos -- Dr. Zvi Har'El mailto:[EMAIL PROTECTED]Department of Mathematics tel:+972-54-4227607 icq:179294841Technion - Israel Institute of Technology fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/Haifa 32000, ISRAEL If you can't say somethin' nice, don't say nothin' at all. -- Thumper (1942)
Re: FireFox and Bank haPoalim
Argh! There's no security model for Firefox extensions like there is for, say, Java, where the external host (i.e. Firefox) limits what an extension can do. The fact the extension claims to handle a banking site doesn't make it a more or less likely vector of attack; its ability to access your bank is no more than any innocent extension's (e.g. an extension that shows a cute puppy in your toolbar). In other words, you're checking Effie's extension for entirely wrong reasons. There's no wrong in checking it, but don't get a false sense of security that it's worth more than checking all those other extensions you have. On 12/8/06, Zvi Har'El [EMAIL PROTECTED] wrote: I install extensions, but check what they do... Of course, with popular extensions you can rely on the fact that somebody else checked them, but when it goes to your bank account, you cannot be too careful. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
Michael Sternberg wrote: Hello. For everybody who's tired of looking on reversed hebrew of Bank haPoalim personal account web interface I have found a wonderful extension for FireFox that solves this problem: http://www.effie.co.il/mozvuvu/home.html enjoy :) P.S. I do not understand why Bank haPoalim still did not fixed their problem with reverse Hebrew in FireFox, its there for at least three years.. Probably because they don't an effie of Firefox users or site user at large :-) Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.3.7515563 ext. 201 | Fax:+972.3.7515503 US: +1.212.2026643 ext. 201 | Cel: +972.52.8260388 Resistance was futile. -- Danny Getz, 2004. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
On 12/7/06, Gilad Ben-Yossef [EMAIL PROTECTED] wrote: Michael Sternberg wrote: Hello. For everybody who's tired of looking on reversed hebrew of Bank haPoalim personal account web interface I have found a wonderful extension for FireFox that solves this problem: http://www.effie.co.il/mozvuvu/home.html enjoy :) P.S. I do not understand why Bank haPoalim still did not fixed their problem with reverse Hebrew in FireFox, its there for at least three years.. Probably because they don't an effie of Firefox users or site user at large :-) Actually the problem equally exists in Internet Explorer. They equally makes bad work, so please do not get so excited ;) Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.3.7515563 ext. 201 | Fax:+972.3.7515503 US: +1.212.2026643 ext. 201 | Cel: +972.52.8260388 Ido -- http://ik.homelinux.org/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
Actually I'm currently looking at their site in firefox and it looks fine to me. They used to have a problem with incorrect encoding detection that needed manual ajustment, but now even that is gone...So what reverse font are you talking about? On 12/7/06, ik [EMAIL PROTECTED] wrote: On 12/7/06, Gilad Ben-Yossef [EMAIL PROTECTED] wrote: Michael Sternberg wrote: Hello. For everybody who's tired of looking on reversed hebrew of Bank haPoalim personal account web interface I have found a wonderful extension for FireFox that solves this problem: http://www.effie.co.il/mozvuvu/home.html enjoy :) P.S. I do not understand why Bank haPoalim still did not fixed their problem with reverse Hebrew in FireFox, its there for at least three years.. Probably because they don't an effie of Firefox users or site user at large :-) Actually the problem equally exists in Internet Explorer. They equally makes bad work, so please do not get so excited ;) Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.3.7515563 ext. 201 | Fax:+972.3.7515503 US: +1.212.2026643 ext. 201 | Cel: +972.52.8260388 Ido -- http://ik.homelinux.org/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: FireFox and Bank haPoalim
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Dover Sent: Thursday, 07 December, 2006 02:26 PM To: Linux-IL Subject: Re: FireFox and Bank haPoalim Actually I'm currently looking at their site in firefox and it looks fine to me. They used to have a problem with incorrect encoding detection that needed manual ajustment, but now even that is gone...So what reverse font are you talking about? You have to perform login as Bank Poalim customer to manage your account. And I'm using FireFox 2.0 (although problem was in 1.5 too).. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
On 12/7/06, Michael Sternberg [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Dover Sent: Thursday, 07 December, 2006 02:26 PM To: Linux-IL Subject: Re: FireFox and Bank haPoalim Actually I'm currently looking at their site in firefox and it looks fine to me. They used to have a problem with incorrect encoding detection that needed manual ajustment, but now even that is gone...So what reverse font are you talking about? You have to perform login as Bank Poalim customer to manage your account. And I'm using FireFox 2.0 (although problem was in 1.5 too).. This is exactly what I'm doing. FF 1.5.0.8. Windows version though. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: FireFox and Bank haPoalim
http://mishka.freeshell.org/bank_poalim.JPG Check out right column and tabs headers = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
Just a warning, Installing an unsigned plugin that affects the connection with your bank is not very smart (i remembered late myself, so don't feel bad). On Thursday 07 December 2006 13:00, Michael Sternberg wrote: Hello. For everybody who's tired of looking on reversed hebrew of Bank haPoalim personal account web interface I have found a wonderful extension for FireFox that solves this problem: http://www.effie.co.il/mozvuvu/home.html enjoy :) P.S. I do not understand why Bank haPoalim still did not fixed their problem with reverse Hebrew in FireFox, its there for at least three years.. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Regards, Tzahi. -- Tzahi Fadida Blog: http://tzahi.blogsite.org | Home Site: http://tzahi.webhop.info WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
There's nothing in this extension which limits it to work only with the bank's site, nor is there anything to limit any other extension you've installed from stealing your data from any site. While I agree this is risky, I must correct your assumption that the fact this extension claims to deal with a banking site makes it more or less likely to be spyware. On 12/7/06, Tzahi Fadida [EMAIL PROTECTED] wrote: Just a warning, Installing an unsigned plugin that affects the connection with your bank is not very smart (i remembered late myself, so don't feel bad). = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
Let me refine this. Very much like linux kernel is more or less trusted to have no secret evil code because of the many eyes principle, so does, for example, tab mix plus. However, an obscure plugin like this bank hapoalim plugin does not have many eyes on its code and thus, more dangerous than other more famous plugins. On Thursday 07 December 2006 18:38, Ilya Konstantinov wrote: There's nothing in this extension which limits it to work only with the bank's site, nor is there anything to limit any other extension you've installed from stealing your data from any site. While I agree this is risky, I must correct your assumption that the fact this extension claims to deal with a banking site makes it more or less likely to be spyware. On 12/7/06, Tzahi Fadida [EMAIL PROTECTED] wrote: Just a warning, Installing an unsigned plugin that affects the connection with your bank is not very smart (i remembered late myself, so don't feel bad). -- Regards, Tzahi. -- Tzahi Fadida Blog: http://tzahi.blogsite.org | Home Site: http://tzahi.webhop.info WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
On Thu, 2006-12-07 at 18:38 +0200, Ilya Konstantinov wrote: There's nothing in this extension which limits it to work only with the bank's site, Actually, there is - from reading the extension's source its obvious that it does its magic only when it detects the URL of bank hapoalim. nor is there anything to limit any other extension you've installed from stealing your data from any site. From reading the source again, it does no such thing - it simply fixed the encoding meta data. While I agree this is risky, I must correct your assumption that the fact this extension claims to deal with a banking site makes it more or less likely to be spyware. On 12/7/06, Tzahi Fadida [EMAIL PROTECTED] wrote: Just a warning, Installing an unsigned plugin that affects the connection with your bank is not very smart (i remembered late myself, so don't feel bad). While normally I would agree that this would be a problem, with such extensions - and with open source code et al - its not a problem at all as one can easily review the source code. -- Oded ::.. Politicians are like diapers. They both need changing regularly and for the same reason. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: FireFox and Bank haPoalim
On 08/12/06, Oded Arbel [EMAIL PROTECTED] wrote: On Thu, 2006-12-07 at 18:38 +0200, Ilya Konstantinov wrote: While I agree this is risky, I must correct your assumption that the fact this extension claims to deal with a banking site makes it more or less likely to be spyware. I think the main issue is that it's unsigned - it means that a cracker who breaks into Effie's web site and installs a modified version won't be caught by the extension singing mechanism. I might be naive, but I pretty much trust Effie himself not to do any monkey business with his own extensions. --Amos The Devil's avocado
Re: FireFox and Bank haPoalim
Once you installed it, it really doesn't matter if somebody later breaks to Effie's site (to Effie it would matter :'( ). If you haven't installed it yet - you can download it, and examine the file contets (an XPI file is just a fancy extension to a ZIP archive) before installing it (from the local file, of course). I would do it even if the file were signed, and even if it came by a stork directly from mozdev :-) . Amos Shapira wrote, On 07/12/06 23:28: On 08/12/06, *Oded Arbel* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Thu, 2006-12-07 at 18:38 +0200, Ilya Konstantinov wrote: While I agree this is risky, I must correct your assumption that the fact this extension claims to deal with a banking site makes it more or less likely to be spyware. I think the main issue is that it's unsigned - it means that a cracker who breaks into Effie's web site and installs a modified version won't be caught by the extension singing mechanism. I might be naive, but I pretty much trust Effie himself not to do any monkey business with his own extensions. -- Dr. Zvi Har'El mailto:[EMAIL PROTECTED]Department of Mathematics tel:+972-54-4227607 icq:179294841Technion - Israel Institute of Technology fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/Haifa 32000, ISRAEL If you can't say somethin' nice, don't say nothin' at all. -- Thumper (1942)
