lol @ this idea.
I don't think I would want my coworkers knowing how much I have in the bank #1.
I don't think I would want my coworkers knowing how much I have in the bank #1.
christ I must be on Wells Fargo's sh!t list or something. If I go to target monday morning and purchase something, my credit line will deduct within a couple of hours, but the actual charge wont be available for me to view for at least 2-3 days minimum.Originally posted by: Eli
That sucks. I bank with Wells Fargo and their online stuff is basically real-time. I can go to 7-11 a few minutes away, pay with debit, and when I get back the charge will be there.Originally posted by: Mill
Originally posted by: CPA
Originally posted by: richardycc
are you obsessive compulsive? most peoples' bank account balanace don't change every 5seconds or hourly.
Mine does. My bank applies changes very quickly.
Which bank do you use? My bank's online banking seriously takes forever to post stuff. Phone banking to check the balance is much faster. Especially for credit cards issued by the bank.
Uh... First of all, you completely missed the point. I was not saying that it's so simple, anybody can do it. I was asking what the difference is between IE and any other program. It's all just lines of code. If IE can securely connect to (Wells Fargo online banking), why couldn't any other program?Originally posted by: EpsiIon
Originally posted by: Eli
Bah, you all suck.. If I could code, I'd write something to do it myself.. couldn't possibly be that hard, and I really don't think there is a security issue. What is the difference between IE or firefox and any other program, at heart? It's all just lines of code.
Gosh, it's so simple! Why am I studying Computer Science!? I don't know! I mean, it's all just lines of code! Anybody can do it! :roll:
Look, the way online banking is setup, you're either authorized or not authorized. If you're authorized, you can do anything to your account. So, if you're running this, all somebody has to do to mangle your account is get control of your computer. Remotely or locally, if they can access your computer, they can transfer funds. That's a HUGE security risk and a really stupid thing to run.
Further, How the fsck are they going to get a program that is coded to simply display a few numbers to transfer money?
I'm not asking for a full-fledged on-computer application to manage your bank account, all it needs to do is connect every 6-8 hours and update the balance displayed in the system tray or wherever.
This isn't rocket science, and I really do not understand where the security risks are. What the hell is the difference between doing it manually with IE or Firefox or some other program?
Use your brains people. How is it any different from manually typing in your username and password in IE?!
The username AND pw could be displayed as *'s in the program.. I mean, come on.
You wouldn't have to be "hardwired".. it shouldn't be any different than connecting with IE.
I don't understand the paranoia regarding this.
If only I knew how to code. This would be interesting to do, I couldn't imagine it would be difficult either. Spyware authors do it for their crappy weather programs.
Uh... First of all, you completely missed the point. I was not saying that it's so simple, anybody can do it. I was asking what the difference is between IE and any other program. It's all just lines of code. If IE can securely connect to (Wells Fargo online banking), why couldn't any other program?
Here's the anatomy of a secure transaction using 128-bit SSL encryption with a bank:
1) Browser initiates session with the bank provider server
2) Bank returns cookies/other gobbledygook to identify session ID
3) User logs in to bank, most of the time by using a form and passing variables to it using POST or GET.
4) Server authenticates and gets data from backend database with relevant info.
The difference in some cases between IE an another program isn't very dramatic. You could use .NET to do what you want. It'd be really easy, actually. Just figure out what to pass to the bank server, capture responses and figure out how to format them.
In some cases, you have to keep in mind that there are server-side scripts or approaches. You couldn't access those directly (well, you could if the programmer didn't do a good job) with either IE or another browser or another method.
Further, How the fsck are they going to get a program that is coded to simply display a few numbers to transfer money?
That's true. But, there's online billpay, and many people reuse password/login combinations, and hackers can do data mining, and all sorts of stuff. In general, it's not a good idea.
I'm not asking for a full-fledged on-computer application to manage your bank account, all it needs to do is connect every 6-8 hours and update the balance displayed in the system tray or wherever.
Why don't you just use something like www.yodlee.com ? It's not a Win32 app, but it's pretty convenient.
This isn't rocket science, and I really do not understand where the security risks are.
Connection hijacking, password compromises, people discovering your balance/details, and so on. the point is that if you want an always-on balance display, the session needs to be renewed. How do you do that? Store the logon details in a file? insecure. Encrypt the logon details? Okay, no problem, so all I'd need to do is gain access to your computer, load the program in a debugger and move bytes and pointers around in assembly to get access to the account.
If you want to manually enter the login/password each time, then why not just use the bank interface or yodlee?
What the hell is the difference between doing it manually with IE or Firefox or some other program?
Not much, You can write an app. But it would need to timeout to be secure. Even then, there are some risks. BTW, MBNA does a one-time-use number generator that's an app. It interfaces using SSL with the MBNA backend servers and you can get your account details with it. It's just a shell for parsing HTML.
Use your brains people. How is it any different from manually typing in your username and password in IE?!
Depends what you need. I just identified some possible vulnerabilities. If you don't mind putting in your login and pass every time, then the proggie can work. If you want it always on, then how do you store authentication details? I just told you how to break whatever method you use. If it's a running program, I can move the bytes around in memory and hijack it. Not the same thing if the session times out and you need to put in your info every time.
The username AND pw could be displayed as *'s in the program.. I mean, come on.
LOL
are you serious? Come on, that's like getting a DUN password.
http://www.abf-soft.com/password-recovery.shtml would do it very readily.
So, to sum:
1) yes, you could program a small app to get your balance. You'd need to figure out how the bank interface works. It's not difficult but needs trial-and-error without API documentation.
2) There are many security risks with the app, which can be mitigated by not storing the password.
3) if the password is not stored, how is this any better than logging in and checking your balance? Is it that difficult to open a browser and click a bookmark? If you have multiple accounts, use yodlee.
and to answer your question, I don't think there's a program like that out there. Quicken/Money update from the net and show balances, but they don't display it in the tray.
Cheers !
Here's the anatomy of a secure transaction using 128-bit SSL encryption with a bank:
1) Browser initiates session with the bank provider server
2) Bank returns cookies/other gobbledygook to identify session ID
3) User logs in to bank, most of the time by using a form and passing variables to it using POST or GET.
4) Server authenticates and gets data from backend database with relevant info.
The difference in some cases between IE an another program isn't very dramatic. You could use .NET to do what you want. It'd be really easy, actually. Just figure out what to pass to the bank server, capture responses and figure out how to format them.
In some cases, you have to keep in mind that there are server-side scripts or approaches. You couldn't access those directly (well, you could if the programmer didn't do a good job) with either IE or another browser or another method.
Further, How the fsck are they going to get a program that is coded to simply display a few numbers to transfer money?
That's true. But, there's online billpay, and many people reuse password/login combinations, and hackers can do data mining, and all sorts of stuff. In general, it's not a good idea.
I'm not asking for a full-fledged on-computer application to manage your bank account, all it needs to do is connect every 6-8 hours and update the balance displayed in the system tray or wherever.
Why don't you just use something like www.yodlee.com ? It's not a Win32 app, but it's pretty convenient.
This isn't rocket science, and I really do not understand where the security risks are.
Connection hijacking, password compromises, people discovering your balance/details, and so on. the point is that if you want an always-on balance display, the session needs to be renewed. How do you do that? Store the logon details in a file? insecure. Encrypt the logon details? Okay, no problem, so all I'd need to do is gain access to your computer, load the program in a debugger and move bytes and pointers around in assembly to get access to the account.
If you want to manually enter the login/password each time, then why not just use the bank interface or yodlee?
What the hell is the difference between doing it manually with IE or Firefox or some other program?
Not much, You can write an app. But it would need to timeout to be secure. Even then, there are some risks. BTW, MBNA does a one-time-use number generator that's an app. It interfaces using SSL with the MBNA backend servers and you can get your account details with it. It's just a shell for parsing HTML.
Use your brains people. How is it any different from manually typing in your username and password in IE?!
Depends what you need. I just identified some possible vulnerabilities. If you don't mind putting in your login and pass every time, then the proggie can work. If you want it always on, then how do you store authentication details? I just told you how to break whatever method you use. If it's a running program, I can move the bytes around in memory and hijack it. Not the same thing if the session times out and you need to put in your info every time.
The username AND pw could be displayed as *'s in the program.. I mean, come on.
LOL
are you serious? Come on, that's like getting a DUN password.
http://www.abf-soft.com/password-recovery.shtml would do it very readily.
So, to sum:
1) yes, you could program a small app to get your balance. You'd need to figure out how the bank interface works. It's not difficult but needs trial-and-error without API documentation.
2) There are many security risks with the app, which can be mitigated by not storing the password.
3) if the password is not stored, how is this any better than logging in and checking your balance? Is it that difficult to open a browser and click a bookmark? If you have multiple accounts, use yodlee.
and to answer your question, I don't think there's a program like that out there. Quicken/Money update from the net and show balances, but they don't display it in the tray.
Cheers !
Finally, a real response other than "it's teh bad idea!"Originally posted by: linuxboy
Uh... First of all, you completely missed the point. I was not saying that it's so simple, anybody can do it. I was asking what the difference is between IE and any other program. It's all just lines of code. If IE can securely connect to (Wells Fargo online banking), why couldn't any other program?
Here's the anatomy of a secure transaction using 128-bit SSL encryption with a bank:
1) Browser initiates session with the bank provider server
2) Bank returns cookies/other gobbledygook to identify session ID
3) User logs in to bank, most of the time by using a form and passing variables to it using POST or GET.
4) Server authenticates and gets data from backend database with relevant info.
The difference in some cases between IE an another program isn't very dramatic. You could use .NET to do what you want. It'd be really easy, actually. Just figure out what to pass to the bank server, capture responses and figure out how to format them.
In some cases, you have to keep in mind that there are server-side scripts or approaches. You couldn't access those directly (well, you could if the programmer didn't do a good job) with either IE or another browser or another method.
Further, How the fsck are they going to get a program that is coded to simply display a few numbers to transfer money?
That's true. But, there's online billpay, and many people reuse password/login combinations, and hackers can do data mining, and all sorts of stuff. In general, it's not a good idea.
I'm not asking for a full-fledged on-computer application to manage your bank account, all it needs to do is connect every 6-8 hours and update the balance displayed in the system tray or wherever.
Why don't you just use something like www.yodlee.com ? It's not a Win32 app, but it's pretty convenient.
This isn't rocket science, and I really do not understand where the security risks are.
Connection hijacking, password compromises, people discovering your balance/details, and so on. the point is that if you want an always-on balance display, the session needs to be renewed. How do you do that? Store the logon details in a file? insecure. Encrypt the logon details? Okay, no problem, so all I'd need to do is gain access to your computer, load the program in a debugger and move bytes and pointers around in assembly to get access to the account.
If you want to manually enter the login/password each time, then why not just use the bank interface or yodlee?
What the hell is the difference between doing it manually with IE or Firefox or some other program?
Not much, You can write an app. But it would need to timeout to be secure. Even then, there are some risks. BTW, MBNA does a one-time-use number generator that's an app. It interfaces using SSL with the MBNA backend servers and you can get your account details with it. It's just a shell for parsing HTML.
Use your brains people. How is it any different from manually typing in your username and password in IE?!
Depends what you need. I just identified some possible vulnerabilities. If you don't mind putting in your login and pass every time, then the proggie can work. If you want it always on, then how do you store authentication details? I just told you how to break whatever method you use. If it's a running program, I can move the bytes around in memory and hijack it. Not the same thing if the session times out and you need to put in your info every time.
The username AND pw could be displayed as *'s in the program.. I mean, come on.
LOL
are you serious? Come on, that's like getting a DUN password.
http://www.abf-soft.com/password-recovery.shtml would do it very readily.
So, to sum:
1) yes, you could program a small app to get your balance. You'd need to figure out how the bank interface works. It's not difficult but needs trial-and-error without API documentation.
2) There are many security risks with the app, which can be mitigated by not storing the password.
3) if the password is not stored, how is this any better than logging in and checking your balance? Is it that difficult to open a browser and click a bookmark? If you have multiple accounts, use yodlee.
and to answer your question, I don't think there's a program like that out there. Quicken/Money update from the net and show balances, but they don't display it in the tray.
Cheers !
WELL.. LOL... By saying that the username/PW could be displayed as *'s in the program, I was kinda implying that it would be encrypted on the HDD, not just stored in a .txt file...
I understand that someone could still h4x0r me and get my password.. but I'm not that paranoid. I agree that not storing the password would be pretty pointless, I may as well just login manually. You could encrypt it pretty heavily though, couldn't you? We have all kinds of passwords stored on our computers.. how does eBay encrypt your password? Shrug.
I suppose there could be problems if there was a mass-marketed program that was designed to do this. Hax0rs would see it as an opportunity in general, and search for vulnerabilities...
That's why I wish I could code myself.
It would be handy for me. That's one thing I hate about computers. When you can't code, you have to leave it up to other people to decide what you want to do with your computer.i could probably make one, just pm me your account number, pin, and any passwords you use for it
It seems silly for an online banking system to use your account number/pin.Originally posted by: neonerd
i could probably make one, just pm me your account number, pin, and any passwords you use for it
Mine uses a user-made-up username/pw. It doesen't display any important account information except balanace, which isn't a big deal at all.
Some people are so protective of stuff like that.. Like people that won't tell you how much they make an hour, or try and hide their paycheck ammount from you, or won't tell you how many HPs they have in RPGs.. I've always found it amusing.. lol
There is really nothing for me to worry about. Even if someone did gain my username/pw, everything having to do with my account is X'd out.. they would be able to get my address.. oh n0es! The only option to transfer money I have is an option to transfer money to another bank account of yours (with the same bank).
They could delete my account... change my username/pw.. reorder checks for me.. request overdraft protection.. lol.....
Shrug.
Originally posted by: Eli
It seems silly for an online banking system to use your account number/pin.Originally posted by: neonerd
i could probably make one, just pm me your account number, pin, and any passwords you use for it
Mine uses a user-made-up username/pw. It doesen't display any important account information except balanace, which isn't a big deal at all.
Some people are so protective of stuff like that.. Like people that won't tell you how much they make an hour, or try and hide their paycheck ammount from you, or won't tell you how many HPs they have in RPGs.. I've always found it amusing.. lol
There is really nothing for me to worry about. Even if someone did gain my username/pw, everything having to do with my account is X'd out.. they would be able to get my address.. oh n0es! The only option to transfer money I have is an option to transfer money to another bank account of yours (with the same bank).
They could delete my account... change my username/pw.. reorder checks for me.. request overdraft protection.. lol.....
Shrug.
I hate people like that too. Or women being protective of their ages.
BTW, your postcount is showing!!11!one
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter