stupid security stuff

 
author & internet detective
Friday fun - here's some sad but true stupid security stories. Sigh.

Anyone have a favorite from the article or outside of it?
 
Sheriff
The Strawberrynet one is particularly fun to play with. I spent a few minutes there trying to guess a valid Gmail address, to no avail.
 
Enthuware Software Support
Indian bank websites are probably most secure. To quote a popular comedian, they are so secure even I can't get in. Besides using two passwords (login pwd and profile pwd), the crazy rules for what your pwd can be, and making you change it every couple of months without reusing any of the previous ones, there is one particular task flow that makes me feel like killing myself. India uses a mode of money transfer called IMPS (Immediate Payment Service), which allows you to transfer funds to any account instantaneously. It is like wire transfer in the US but much faster. All you need is the receiver's account number (no name is required), the receiving bank's IFSC code and the amount. That's it. Here is how most banks implement it -

1. Go to the IMPS screen and then manually type in the 16 to 20 digit account number. You probably got the receiver's account number in an email or a WhatsApp message. But you can't copy and paste it into the field. You have to manually type each digit. So you keep flipping between the two screens.

2. Once you enter the account number, this field becomes invisible. Yes, invisible. You can't see what you just typed. A new field is displayed where you need to type the same freaking account number again. This is apparently to make sure that you are sure about the receiving account number. Of course, you can't copy paste. God forbid if the numbers don't match.

3. Now, to the IFSC. This is an 11 digit number. If you don't know the receiving bank's IFSC code, you need to google it up separately using the bank name and location. Rules for entering the number are the same as above. So some more screen flipping.

4. Next is the amount, which is the easiest to enter because you probably have that number in your head.

5. Hit submit and you will invariably get a message saying, "You session has been timed out. Please login again.". Now you see why I quoted the comedian above?

I have to use two separate machines and one helper to read out the numbers from the second machine as I type them in the screen to ensure that I am able to complete the request before timing out.


 
Jeanne Boyarsky
author & internet detective
Paul,
Can my local bank have some of your security? Then we'd have enough and you'd still have plenty.

My bank still doesn't believe in two factor. They have recently started using a third party site that my third party blockers in my primary browser block. Awesome.
 