09.03.08
Citibank Signs Deals with Microsoft, Deliberately Blocks GNU/Linux Users
Background
Patterns which are learned from history can be useful for the establishment of an hypothesis — in this case it being the hypothesis that Microsoft partners have implicit obligations which favour Microsoft and ‘punish’ its rivals. This can be harmful for many reasons and even cost lives at times.
The US Federal Aviation Administration seems to have gotten itself entangled after choosing Microsoft, but there are many other government departments which follow a similar route. The US Library of Congress comes to mind as a recent example of Exclusion Through Silverlight™ [1, 2, 3].
Just moments ago we attempted to show that the BBC’s deal with Microsoft seems to have resulted in exclusion of GNU/Linux users and even bashing.
Bank of America
In the case of the Bank of America, even Firefox was banned — until recently. To say more about this:
“As the usage of Firefox browsers has increased with our customer base, we will be initiating a full support model for Firefox version 2.x in the very near future,” spokeswoman Tara Burke told Networkworld.com.
Think “the very near future” will prove to be very soon? Don’t bank on it.
This was a case of merely beginning to support something other than Internet Explorer, despite its many known deficiencies and continued lack of adherence to standards. It’s stubborn snobbery. But what about GNU/Linux, the operating system level?
Welcome Citigroup
One reader, Jose, points out that Prince Alwaleed leads to just one link among others between Microsoft and Citibank (”Prince Alwaleed proposes Microsoft operation for Kingdom”). Bill Gates is mentioned there too. Remember where the SCO cash infusion almost came from and witness the many bits of circumstantial evidence.
According to Bill Parish, “[i]t is often forgotten that crown prince Al-Waleed saved Citicorp from going under a decade ago.” So a circle seems to be closing. Moreover, just watching old news, collaborations between Microsoft and Citibank are clear for all to view. Here are 3 examples:
Building on their strong relationship, Microsoft Corp. and Citibank Merchant Services today announced an extension of their collaboration to offer Microsoft® Business Solutions’ customers — specifically small and midmarket retailers — technology and services designed for the independent merchant. The agreement, announced at the National Retail Federation (NRF) 92nd Annual Conference & Expo, enhances Microsoft Retail Management System (RMS) by introducing a new payment processing module.
2. Microsoft Signs Citibank Indian Software Unit Deal
Microsoft Corp has formed an alliance with Citibank’s Indian software unit Citicorp Information Technology Industries Ltd (CITIL) to market the latter’s banking products world-wide. CITIL will use Windows NT and Back Office as its platforms of choice. Microsoft will sell the Indian firm’s banking industry products - Microbanker, Fundpower, and Finware - all over the world.
This pair seems to have gotten pretty close with a joint bill venture dating one decade ago:
3. Citibank joins Microsoft bill venture
Citibank has made an equity investment in MSFDC, a controversial joint venture of Microsoft and First Data for online bill presentment and payment.
Citigroup Snubs GNU/Linux
Blaming security, Citibank refuses to support GNU/Linux. Customers are furious. They deserve to be.
So you use that web browser to fill the application for a credit card at Citibank, and finally receive it. But when you start using that credit card and want to check you card usage on-line, the system won’t work when accessed with Linux. That’s exactly what has got Linux users furious at the banking giant.
Jason Antman, a techie and IT major at Rutgers University in New Jersey, got furious last week after realising that getting a card from Citibank using a Firefox is as easy as a walk in the park, but then checking his card activity on CitiCards.com using the open sauce browser was, well, as hard as a stone.
These complaints about Citibank are nothing new by the way. Here is one other rant from last year.
I hope they hear from enough people to take note. I think the Americans with Disabilities Act may be a powerful argument in favor of making web sites more standards compliant and accessible.
For its Web site, Citigroup deploys Solaris (UNIX), so it seems unwilling to run Windows on the server, yet it conveniently requires that customers do so on the desktop. Given the horrifying statistics which claim that one in two (Windows) PCs is a zombie, it’s a gamble, a Russian roulette. As Geer put it, “in zombie we trust.” What is Citigroup thinking?
Windows in ATMs
Citibank is in no position to brag about security. Here is a recent incident:
The alleged thieves made off with about $2 million between October 2007 until March of this year. Officials believe they remotely broke into the back-end computers that approve cash withdrawals and grabbed the PINs as they were being transmitted from the ATMs to the transaction processing computers, which increasingly use Windows, the report says.
From the comments:
Windows should not be used, nor shout OS X or Linux if it is running a GUI. While Windows can not be striped to a secure level and OS X is a bit of a challenge, Linux is very easy to run with a very minimalistic build.
Check out the NSA version of Linux.
Those PIN hacks seem reminiscent of the disaster which is Windows on ATMs. Here are some references that are relevant:
1. Windows-based cash machines ‘easily hacked’
ATMs, or automated teller machines, today face the Internet-born threat of worms and denial-of-service attacks, as well as being at risk from malicious applications that can harvest customer data or hijack machines.
2. Madness: ATMs Running Windows XP?
3. Pictures of ATM Machine Running Windows XP Crashing
The other day I pulled up to an ATM and it was in the middle of crashing and so I was able to shoot these pics during the crash and reboot. The ATM never did come up fully so I was unable to get some cash.
4. ATM using un-activated Windows
Ok, so lets be realistic for a moment here, first off, is ‘Hackers Best Friend” MS Windows really the optimal choice for an operating system that spits out cash?
In Russian you can sometimes meet pirated copy of Windows even on ATM. It warns that this copy of Windows need activation and the work of ATM gets interrupted.
6. Why not Embedded? ATM’s Running XP Professional…
This time, I happened to be there when it suddenly BSOD’d and began a reboot cycle. Obviously, to BSOD it needs to run Windows, and moments later, that was confirmed. But that’s not the story here — believe it or not, most ATMs run Windows nowadays, and there’s absoloutely nothing wrong with that.
[...]
There’s a million reasons why an ATM should must be RTOS, be it Linux or VxWorks or Windows CE, but even if you don’t go with RTOS, Windows XP Professional most certainly isn’t the answer. Especially if it’s not even SP2.
7. ATMs hacked using MP3 player
A criminal gang in the U.K. was able to steal confidential banking data by bugging ATMs with an MP3 player, The Times of London reported in its online edition Thursday.
Only Windows seems to reinterpret device insertion as a call for execution of arbitrary and untrusted contents. NASA recently saw its laptops out in space getting infected in this way (computer viruses passing via USB drives in Windows). With that in mind, how can Citigroup promote Windows for security reasons? Brazil seems to have stepped up to the plate and voted for change.
Brazilian banking giant Banco do Brasil this year is preparing to start a massive migration of one of the world’s biggest ATM fleets to the GNU/Linux operating system.
This is one among many migrations to GNU/Linux in Brazil. It includes hundreds of thousands of voting machine, so no wonder Microsoft is scared and resorting to FUD over there [1, 2]. █
Highlight: Novell was the first to acknowledge that Microsoft FUD tactics had substance. Novell then used anti-Linux FUD to market itself. 
Highlight: Xandros let Microsoft make patent claims and brag about (paid-for) OOXML support. 
Highlight: Linspire's CEO not only fell into Microsoft arms, but he also assisted the company's attack on GNU/Linux. 
Highlight: Microsoft craves pseudo (proprietary) standards and gets its way using proxies and influence which it buys. 
Highlight: The invasion into the open source world is intended to leave Linux companies neglected, due to financial incentives from Microsoft. 
Analysis: Xen, an open source hypervisor, possibly fell victim to Microsoft's aggressive (and stealthy) acquisition-by-proxy strategy.
Shannon VanWagner said,
September 3, 2008 at 4:48 pm
Here’s the message I sent to them via their Contact Us link at: http://www.citi.com/domain/contact/index.htm
Hi there. I see that your website discriminates by Operating System. I am using Ubuntu GNU/Linux with Firefox 3 browser and your website tells me I am not “able to take full advantage” of your citibank website.
I’m not sure why you chose to do this as Firefox 3 adheres completely to Open Web Standards and the GNU/Linux operating system is just as secure as any.
So as a person who will now NOT be setting up a citibank account, I will also get on to telling everyone I know that your company supports the Microsoft Monopoly with Windows and Internet Explorer.
Should you ever decide that realize that, 1.) America is a free country, 2.) Monopoly is illegal, 3.) that Open Web standards are better than closed ones, and 4.) to update your website to work with any open web standards compliant internet browsers, perhaps you can let me know so I can stop making a bad name for your online account access capabilities.
Until then, you can kindly kiss my browser stamp.
Good day.
Shannon VanWagner
Yfrwlf said,
September 3, 2008 at 7:57 pm
I use Wamu (Washington Mutual) here in the U.S., and their website I believe is 100% web standards compliant. I spoke with them before opening my account with them, and they ensured me that Firefox was fully supported as well as any web standard compliant browser, and three banking staffers there told me they all used Firefox for their web browser. I have had no problems whatsoever using their website, everything works flawlessly and it has the freshest and cleanest website layouts and designs (using plenty of CSS) that I’ve ever seen for a banking website, of which I’ve used dozens.
I highly recommend them, and highly recommend staying away from any websites which are anti-web-standards. That includes Progressive, by the way, which blocked me from being able to sign required forms online because I wasn’t using IE, so I switched to Geico. (Sad to have to pay any insurance company though as I believe it’s a racket and that any property damage should always be dealt with through the police/court system.)