Re^2: Trying to download account balance

Where in the OPs post did he say he wanted to bypass security procedures? All I'm getting from his question is that he wants to use an alternate interface. That is, instead of using a web browser (over the accepted transport protocol HTTP, one hopes S) he'd like to access it via a perl script (over same said protocol). Since when is that not a legitimate desire? Any security measure that does not rely on the security of information shared only by the bank and the customer (password/TAN), but instead on obscurity of the way this information is verified, is bound to be inherently broken. If this were essential to the "security" of access, exposing this flaw could only be good for the customers, and thereby the bank itself

Thinking about it, you must either not know very much about web security or have some vested interest in keeping the workings of Chase online banking as obscure as possible. Which is it?

And that last paragraph pontificating about others pontifications is just ridiculous. Tone it down BUKky, you're losing it.

Comment on Re^2: Trying to download account balance

Replies are listed 'Best First'.
Re^3: Trying to download account balance by BrowserUk (Patriarch) on Sep 17, 2007 at 13:08 UTC
Most browser-based banking sites will require Javascript, and will often go through several layers of redirect. One of the goals of these mechanisms is to try and ensure that no significant information gets left lying around in browser caches and/or local proxies. Another goal is to try and ensure that credentials are input by a human being. This is an attempt to prevent the possibility of root kits and other nasties from being able to login automatically. The single greatest point of weakness of the entire banking system are customers homes. Most banks do everything they can to prevent automated access to their systems, other than via those mechanisms they put in place. For the record. I have no associations or relationships with Chase. And I do not use internet banking systems. The only online banking systems I consider secure are those that use dedicated dialup. Paranoid? Make up your own mind. As for me "losing it". Is it really such a stretch of your imagination, that the breadth and depth of the skill levels in this place, combined with the freely given nature of that expertise, has not gone unnoticed to those on the web that would put that expertise to less than legitimate usage? Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. "Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."	[reply]

Replies are listed 'Best First'.

Re^3: Trying to download account balance
by BrowserUk (Patriarch) on Sep 17, 2007 at 13:08 UTC

Most browser-based banking sites will require Javascript, and will often go through several layers of redirect. One of the goals of these mechanisms is to try and ensure that no significant information gets left lying around in browser caches and/or local proxies.

Another goal is to try and ensure that credentials are input by a human being. This is an attempt to prevent the possibility of root kits and other nasties from being able to login automatically. The single greatest point of weakness of the entire banking system are customers homes. Most banks do everything they can to prevent automated access to their systems, other than via those mechanisms they put in place.

For the record. I have *no* associations or relationships with Chase. And I do not use internet banking systems. The only online banking systems I consider secure are those that use dedicated dialup. Paranoid? Make up your own mind.

As for me "losing it". Is it really such a stretch of your imagination, that the breadth and depth of the skill levels in this place, combined with the freely given nature of that expertise, has not gone unnoticed to those on the web that would put that expertise to less than legitimate usage?

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

"Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."

[reply]