http-equiv@excite.com
31/12/02, 06:08
Sunday, December 29, 2002
There is a small silly hitch with CITIBANK CANADA's secured sign in
to online banking:
https://citibankcanada.ebilling.com/index.jhtml
Specifically AUTOCOMPLETE="off" in the forms. It is not set.
While much explanation is made about SSL connections and fancy
digital certificates, the simplest of web programming errors
Thwarte ! all that:
CITIBANK CANADA's login allows for the Microsoft Internet Explorer
autocomplete feature to function. What that does is remember your
name and password. So on a public or even private machine, all one
needs to do is, double click the "name" form and the password will
automicrosoftly autocomplete [fill in].
Cursory examination of the CITIBANK USA confirms that it is disabled:
<form name=signon
action='https://web.da-us.citibank.com/cgi-
bin/citifi/scripts/login2/login.jsp'
method='post' onsubmit='return onSubmit(signon);'
AUTOCOMPLETE="off">
<input type=hidden name="flow" value="login1">
<input type=hidden name="remember" value="Y">
<input type=hidden name="next_page" value="">
There might be other CITIBANK sign in's though, including
international branches.
Notes: critical to ensure when travelling to clear all forms when
using public machines [internet cafe, business center etc.]. That
would be: TOOLS - INTERNET OPTIONS - CONTENT - AUTOCOMPLETE: "CLEAR
FORMS" & "CLEAR PASSWORDS". Not to mention shared private machines.
End Call
--
http://www.malware.com
There is a small silly hitch with CITIBANK CANADA's secured sign in
to online banking:
https://citibankcanada.ebilling.com/index.jhtml
Specifically AUTOCOMPLETE="off" in the forms. It is not set.
While much explanation is made about SSL connections and fancy
digital certificates, the simplest of web programming errors
Thwarte ! all that:
CITIBANK CANADA's login allows for the Microsoft Internet Explorer
autocomplete feature to function. What that does is remember your
name and password. So on a public or even private machine, all one
needs to do is, double click the "name" form and the password will
automicrosoftly autocomplete [fill in].
Cursory examination of the CITIBANK USA confirms that it is disabled:
<form name=signon
action='https://web.da-us.citibank.com/cgi-
bin/citifi/scripts/login2/login.jsp'
method='post' onsubmit='return onSubmit(signon);'
AUTOCOMPLETE="off">
<input type=hidden name="flow" value="login1">
<input type=hidden name="remember" value="Y">
<input type=hidden name="next_page" value="">
There might be other CITIBANK sign in's though, including
international branches.
Notes: critical to ensure when travelling to clear all forms when
using public machines [internet cafe, business center etc.]. That
would be: TOOLS - INTERNET OPTIONS - CONTENT - AUTOCOMPLETE: "CLEAR
FORMS" & "CLEAR PASSWORDS". Not to mention shared private machines.
End Call
--
http://www.malware.com