Posted By: diggingdeeper Internet Banking Security - 8th Jan 2016 3:51pm
Just had a dig through my logs; here is a list of third-party sites that barclays.co.uk accessed. Some of these were JavaScript pages. How on earth can they expect to maintain security with this going on?

tribalfusion.com
adnxs.com
doubleclick.net
vindicosuite.com
amgdgt.com
intellitxt.com
specificclick.net
gwallet.com
guardian.co.uk
ecustomeropinions.com
mookie1.com
yieldmanager.com
answercloud.com
quantserve.com
dsply.com
omtrdc.net
advertising.com
Posted By: Mark Re: Internet Banking Security - 8th Jan 2016 3:56pm
Those will only be the landing pages and information. Logging in will encrypt the communication. If I remember, it opens in a new window.

I give up on being tracked and analysed, and thought of myself as a tiny piece of sand in a huge desert of sand.
Posted By: diggingdeeper Re: Internet Banking Security - 8th Jan 2016 5:10pm
With an external JavaScript being active on the page it's possible for it to hijack the connection and make it look like you are still dealing with the Barclays site.

How are customers supposed to tell if everything is kosher when they have this amount of trash floating around? I would expect with a bank site for it only to deal with the domain I want.

I had this argument with PayPal a number of years ago over a similar issue which I managed to demonstrate was unsafe; I'm glad to say they changed it. I haven't got up-to-date knowledge to know what is possible these days, but what Barclays (and no doubt others) are doing is certainly the first step in creating a potential weakness and should be avoided.
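
Added example (not part of any post in this thread): one way to audit a saved copy of a page for the issue raised above is to list every `<script src>` host outside the site's own domain and note whether it is pinned with a Subresource Integrity `integrity` attribute. The sample HTML, its paths and the `static.` and `.example` hosts are constructed; only the ad domains come from the list in the first post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "https://www.barclays.co.uk/"   # page being audited
SITE = "barclays.co.uk"                    # first-party domain

# Constructed sample page; the integrity value is a placeholder, not a real hash.
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://static.barclays.co.uk/lib.js"></script>
<script src="//ad.doubleclick.net/tag.js"></script>
<script src="https://edge.quantserve.com/quant.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
<script src="https://barclays.co.uk.example/x.js"></script>
</head></html>
"""

class ScriptAudit(HTMLParser):
    """Collect (host, has_integrity) for every external script tag."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag != "script" or not attrs.get("src"):
            return  # inline scripts are delivered with the page itself
        # urljoin resolves relative and protocol-relative (//host/...) URLs
        host = urlsplit(urljoin(self.page_url, attrs["src"])).hostname or ""
        self.scripts.append((host.lower(), bool(attrs.get("integrity"))))

def is_first_party(host, site):
    # Exact match or true subdomain; a lookalike that merely contains
    # the site name (barclays.co.uk.example) does not qualify.
    return host == site or host.endswith("." + site)

def third_party_scripts(html, page_url, site):
    """Return sorted (host, all_loads_pinned) for non-first-party script hosts."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    found = {}
    for host, pinned in parser.scripts:
        if not is_first_party(host, site):
            found[host] = found.get(host, True) and pinned
    return sorted(found.items())

if __name__ == "__main__":
    for host, pinned in third_party_scripts(SAMPLE_HTML, PAGE_URL, SITE):
        print(f"{host:30} {'SRI-pinned' if pinned else 'UNPINNED'}")
```

An unpinned third-party script runs with the same access to the page as the site's own code, so each such host is one more party whose servers have to stay uncompromised.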
Posted By: Mark Re: Internet Banking Security - 8th Jan 2016 7:26pm
I agree with your post above DD.

How did you generate those logs, as I have visited the site expecting to be hit by adverts and there were none?
Only Barclays promotions.
Posted By: diggingdeeper Re: Internet Banking Security - 8th Jan 2016 9:19pm
I'll reply by PM.
Posted By: Mark Re: Internet Banking Security - 8th Jan 2016 10:18pm
Thanks
Posted By: MikeT Re: Internet Banking Security - 9th Jan 2016 9:24am
Quote
With an external JavaScript being active on the page it's possible for it to hijack the connection and make it look like you are still dealing with the Barclays site.

This is known as XSS (cross-site scripting). It is a very serious security risk. Most good browsers will warn you if this is being attempted.

Andy, here are my recommendations.

1. If you're using Internet Exploder, STOP it now. It's FULL of vulnerabilities and weaknesses. Install Firefox. http://getfirefox.com

2. Install the AdBlock Plus plugin. Click Options, Filter Preferences, Filter subscriptions, untick "Allow some non intrusive advertising"

3. Install the Ghostery plugin. Run the wizard. Tell it to block everything.

4. Install an ad and malware blocking hosts file. http://someonewhocares.org/hosts/ is a very good one. Installation instructions are at the top of the file.

Once that is done, you'll never see another ad and your computer will be protected from 99% of the known malware, adware, tracking and foistware sites. You will be astonished at how much Ghostery in particular blocks (it pops up a list on each site you visit - you can disable this if you want.)

You can also install a plugin called NoScript which will prevent JavaScript from running, but it breaks quite a few sites.

It's YOUR computer - take back control of it!

Posted By: Habdab Re: Internet Banking Security - 9th Jan 2016 1:54pm
If you're a Barclays Internet banking customer, they give you Kaspersky Internet Security for free. They also give you the Kaspersky mobile banking app for your smartphone or tablet.
This goes a long way in protecting you.
Posted By: diggingdeeper Re: Internet Banking Security - 9th Jan 2016 10:25pm
Don't worry, I'm well protected; it's the stupidity of the bank that my post is about.

@MikeT

While I have had massive lists in the hosts file before now, there is a huge disadvantage in that it is difficult to check if something has interfered with it. I also use local servers on my computer, so I make use of the hosts file myself and could do without the clutter.

I don't trust Ghostery as it is a tracker in its own right.
© Wirral-Wikiwirral