[ale] a quick test of web site stupid
- Subject: [ale] a quick test of web site stupid
- From: michaeldnolan at gmail.com (Michael Nolan)
- Date: Mon, 4 Mar 2013 09:52:29 -0500
I'm in an extensive email "discussion" right now with a financial
services corporation web site that holds some assets for me as part of
a performance clause in a contract. (I can't move the assets; using
them is stipulated in the contract.)

Some of their "security" features are to not allow auto fill-in of
usernames and passwords (easily defeatable)... and blanking of the
username if the window loses focus using JavaScript functions
(irritating, but still defeatable).

I got annoyed and snooped around until I found who does their security
and sent them a heads up and explanation of why it's not a good idea
to try to implement security measures inside a user's browser... also
a possible scenario on how it could be exploited.

Needless to say this was not appreciated and I got a nasty-gram
telling me they are watching me and not to screw around with the site.
No "Thanks, we'll look into it..." or anything like it.

Nice.