Extra caution is recommended when installing recently uploaded/updated scripts (read more)
Be sure you trust any scripts you install
Remove ING DIRECT Security Through Obscurity
Simplifies needlessly complex ING login form, allowing one to, gasp, actually type their pin into a secure form.
This script removes the keypad on the ING Direct login screen and allows one to enter his or her pin directly into a PIN textbox. The keypad is meant to prevent logging, but is actually useless because the letter images use the letter they depict as a filename. Thus, a logging mechanism could easily parse out the letter-number association. This script uses the same type of parsing, but to allow direct number entry.
You could comment on this script if you were logged in.
login to vote
I've uploaded a new version that works with the latest ING site updates.
login to vote
Matthew,
Could you write a script that would allow me to sort the "View my Account" table by Account Nickname, Balance, or Available Balance?
login to vote
I've updated it to work on the new ING login page, and added a function. When ING enrolls me in the "new security feature", I'm planning to post a proof of concept exploit for that too. It seems fundamentally flawed. They have to show you the picture and phrase before authenticating you, so an unauthenticated adversary has that data available to phish with. I don't know what the details are, but this problem seems unavoidable.
login to vote
Thank you. It was meant as a proof of concept as much as anything else, though I do use it (but only on my own computer).
login to vote
The virtual keyboard does mitigate the key logger threat.
Admitedly, other threats remain, such a software recorder. But imo the ING Direct login screen is not useless.
Nice script though.