Friday, October 17, 2008

The guys behind the new Maybank2U, please read

Epic fail! For the past few days, I had been hearing people ranting about the new site on Twitter, Facebook and my IM.

I haven't been using my Maybank account (basically abandoning it unless there's a need to M2U to some friends for convenience's sake, oh.. and, it has more ATM machines than HSBC, that is true) for the past 2 months, ever since I changed my job.

As I am NOW doing some bookkeeping, as well as to experience the pain others are suffering, I convinced myself to log into the site. Clicking on "Transaction History", the cool Ajaxy waiting icon appeared and.. woohoo, a few tens of seconds later:

Ah, ArrayIndexOutOfBoundsException, caused by a JSP tag. I don't want to know what else they're doing with Struts and in the JSP, but surely, these guys wrote some shit to make almost every customer suffer.

- yc

11 comments:

David Chui said...

I was able to reproduce the error with:

Collections.emptyList().get(0);

The stack trace generated is:

Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 0
at java.util.Collections$EmptyList.get(Collections.java:2975)
at Maybank2uIsOneEpicFailure.main(Maybank2uIsOneEpicFailure.java:14)

Now, I'm not sure that's a fluke or pure incompetency. Worries me that code like this exists in a banking app...

Saif Uddin said...

I had the same yesterday..

Anak Perelih said...

I managed to get the actual display on the "account & banking" tab... but it's terribly slow.. so I did my transaction on the classic M2U.. although it's slow too, it can make the transaction go thru... (maybe affected by the new version problem too). What app server are they using?

yclian said...

anak perelih: Looks like it's something called BroadVision. Some app server that I have never heard of.

yc

eRic said...

yc: BroadVision is the vendor's name, look at the stack trace at com.broadvision.servlet... kind of a naming convention for a company's package name.

yclian said...

I actually did a Google search and found some guys who wanted to use Struts within BroadVision. So I would suspect they have their own J2EE app server.

It's still a wild guess after all.

yc

Anonymous said...

so is it a serious security issue?

yclian said...

Hi there,

Whether there's a security issue behind this new site, I do not know. I'm not a security expert.

yc

Anonymous said...

Then it's SAD to see some other people condemning the security vendor and the development unit for what seems to be an application error. It is damn slow anyway. Glad you highlighted it tho.

yclian said...

I guess people are worried about the quality of work being produced. Security is a big thing and if these guys could not handle things well at the front-end level, we won't know how many loopholes could be created by them.
Think about XSS and XSRF too.

Pretty valid assumption.

yc

Anonymous said...

I guess the guys behind M2U have no idea what XSS and XSRF are, anyway... haha