When Sampo launched the new system this Easter, they took into use Java-based authentication system. Of course it didn’t work in my Ubuntu 7.10, but after removing Open JDK and installing latest Sun JDK it started functioning again – at least log in worked. This Java solution raised a lot of concerns in internet community.

After upgrade to Ubuntu 8.04 that has Firefox 3.0b5 as default browser, Sampo web-bank Java login stopped working again. This time installing latest JRE didn’t help. Hardy Heron (Ubuntu 8.04) contains JRE 1.6.0_06-b02 and it fails on the second security code request during login process. (Remarkably, Sun itself offers only 1.6.0_05 version for Linux). Solutions proposed in Finnish Ubuntu discussion forum (tweaking plugins) didn’t work for me either.

What worked was replacing JRE 1.6 with an older version 1.5:

$sudo apt-get remove sun-java6-bin sun-java6-fonts sun-java6-jre sun-java6-plugin openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib

$sudo apt-get install sun-java5-bin sun-java5-fonts sun-java5-jre sun-java5-plugin

Then I ran

$sudo update-alternatives --config java

command to make sure correct JRE was selected as default.

While struggling with this issue I tried to check Sampo’s technical support pages. There was a nice “Check your computer page” that kindly informed me that my operating system is Linux and “You may be able to run eBanking, but your operating system is not supported by Customer Support.”

This is really frustrating. 14% of the readers of this blog use Linux. On regular sites that I maintain this figure is from 7% to 10%. Sampo caused a lot of grief to its customers, me including, with this software system upgrade. Even after they promised to waive four months’ worth of service charges I’m still not sure it is going to be enough to keep all their customers.

I’ve experienced quite a lot of problems by far – non-\0-terminated strings in UI, transactions with no explanations that I don’t remember authorising, transactions in our web shop that were reported as failed, although money were withdrawn from customer’s accounts, simple web-bank downtimes with HTTP 503 and the latest one is my credit card – Sampo claims that I don’t owe them anything – probably it is one of the Monopoly’s famous “Bank error in your favour, collect $200″ cases.

Beta culture seems to be spreading from internet startups to bank systems (although in this case I would be more inclined to say that this was a huge screw up on Danske Bank IT department’s part). I’m not sure I like it. Gmail beta, Flickr beta, but Sampo Bank beta? It’s definitely fun to participate in debugging of the new web service, but not when it deals with your real money.

This case bring interesting thoughts on how much we trust online services and what is the pain level when we say “that’s enough, I’m leaving”. Is it the same for data banking as for traditional banking. Would you trust your bank to keep your family photo archive or your computer backups? Is it any safer than Flickr/Google Documents? And the other way around – if you trust your data to Google or Yahoo, would you trust them with your money?

But that was more than 10 years ago. Now I noticed that something is wrong when I started recieving a lot of comment spam from this blog. Captcha plugin was doing an excellent job before, so I decided to check what’s going on. Somehow all plugins were disabled. Re-enabling them solved the problem with comment spam, but then Goolge started generating weird excerpts for ivankuznetsov.com search results. That’s when I started digging deeper and discovered that a hidden div with advertisments was inserted into WordPress PHP scripts.

Dreamhost support was kind enough to point me to the description of the attack that was used to break my blog. This particular problem, as well as some other security issues have been fixed in the latest Word Press release – 2.5.1. Lesson learned – update software on time and make backups.

If you are using WordPress older than 2.5.1 I would recommend you to upgrade ASAP.