Remove ING DIRECT Security Through Obscurity

By Matthew Flaschen Last update Oct 7, 2008 — Installed 524 times.

Archived Comments (locked)

in
Subscribe to Archived Comments 6 posts, 4 voices



Nov 17, 2004 1:05am
Jesse Andrews Admin

The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)
 
Sep 28, 2008 3:53pm
Matthew Flas... Script's Author

I've uploaded a new version that works with the latest ING site updates.
 
Jun 21, 2007 5:00pm
Jon K User

Matthew,

Could you write a script that would allow me to sort the "View my Account" table by Account Nickname, Balance, or Available Balance?
 
Jul 26, 2006 1:19pm
Matthew Flas... Script's Author

I've updated it to work on the new ING login page, and added a function. When ING enrolls me in the "new security feature", I'm planning to post a proof of concept exploit for that too. It seems fundamentally flawed. They have to show you the picture and phrase before authenticating you, so an unauthenticated adversary has that data available to phish with. I don't know what the details are, but this problem seems unavoidable.
 
May 8, 2006 10:02pm
Matthew Flas... Script's Author

Thank you. It was meant as a proof of concept as much as anything else, though I do use it (but only on my own computer).
 
May 2, 2006 7:39pm
Julien Couvreur Scriptwright

The virtual keyboard does mitigate the key logger threat.
Admitedly, other threats remain, such a software recorder. But imo the ING Direct login screen is not useless.

Nice script though.
Cross
Presentational HTML allowed.
Use <code> for inline code and <pre> for code blocks. Use &lt; and &gt; for literal < and >.
We help break paragraphs and link your links.
or cancel