Discussion on Remove ING DIRECT Security Through Obscurity | Userscripts.org

Archived Comments, replied by Matthew Flaschen

Matthew Flaschen — Sun, 28 Sep 2008 15:53:50 +0000

I've uploaded a new version that works with the latest ING site updates.

Archived Comments, replied by Jon K

Jon K — Thu, 21 Jun 2007 17:00:26 +0000

Matthew,

Could you write a script that would allow me to sort the "View my Account" table by Account Nickname, Balance, or Available Balance?

Archived Comments, replied by Matthew Flaschen

Matthew Flaschen — Wed, 26 Jul 2006 13:19:15 +0000

I've updated it to work on the new ING login page, and added a function. When ING enrolls me in the "new security feature", I'm planning to post a proof of concept exploit for that too. It seems fundamentally flawed. They have to show you the picture and phrase before authenticating you, so an unauthenticated adversary has that data available to phish with. I don't know what the details are, but this problem seems unavoidable.

Archived Comments, replied by Matthew Flaschen

Matthew Flaschen — Mon, 08 May 2006 22:02:00 +0000

Thank you. It was meant as a proof of concept as much as anything else, though I do use it (but only on my own computer).

Archived Comments, replied by Julien Couvreur

Julien Couvreur — Tue, 02 May 2006 19:39:31 +0000

The virtual keyboard does mitigate the key logger threat.
Admitedly, other threats remain, such a software recorder. But imo the ING Direct login screen is not useless.

Nice script though.

Archived Comments, replied by Jesse Andrews

Jesse Andrews — Wed, 17 Nov 2004 01:05:04 +0000

The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)