CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS

From: http-equivat_private
Date: Sun Dec 29 2002 - 13:37:50 PST


    Sunday, December 29, 2002
    
    There is a small silly hitch with CITIBANK CANADA's secured sign in 
    to online banking:
    
    https://citibankcanada.ebilling.com/index.jhtml
    
    Specifically AUTOCOMPLETE="off" in the forms. It is not set.
    
    While much explanation is made about SSL connections and fancy 
    digital certificates, the simplest of web programming errors 
    Thwarte ! all that:
    
    CITIBANK CANADA's login allows for the Microsoft Internet Explorer 
    autocomplete feature to function. What that does is remember your 
    name and password. So on a public or even private machine, all one 
    needs to do is double-click the "name" form and the password will 
    automicrosoftly autocomplete [fill in].
    
    Cursory examination of the CITIBANK USA confirms that it is disabled:
    
    <form name=signon 
        action='https://web.da-us.citibank.com/cgi-bin/citifi/scripts/login2/login.jsp' 
        method='post' onsubmit='return onSubmit(signon);' 
        AUTOCOMPLETE="off">
    <input type=hidden name="flow" value="login1">
    <input type=hidden name="remember" value="Y">
    <input type=hidden name="next_page" value="">
    
    There might be other CITIBANK sign-ins though, including 
    international branches.
    
    Notes: critical to ensure when travelling to clear all forms when 
    using public machines [internet cafe, business center etc.]. That 
    would be: TOOLS - INTERNET OPTIONS - CONTENT - AUTOCOMPLETE: "CLEAR 
    FORMS" & "CLEAR PASSWORDS". Not to mention shared private machines.
    
    
    End Call
    
    
    -- 
    http://www.malware.com
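
Added example, not part of the original post: a small audit script that parses a page and reports every form containing a password field, noting whether AUTOCOMPLETE="off" is set on the form or on each password field. The sample HTML, the host bank.example and all field names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page; bank.example and all field names are made up.
SAMPLE = """
<form name=signon action='https://bank.example/login' method='post' AUTOCOMPLETE="off">
<input type=text name="user"><input type=password name="pin"></form>
<form name=login action="https://bank.example/signin" method="post">
<input type="text" name="user"><input type="PASSWORD" name="pass"></form>
<form name=search action="/search"><input type=text name=q></form>
"""

class AutocompleteAudit(HTMLParser):
    """Record each form holding a password field and whether autocomplete
    is off on the form itself or on every password field in it."""

    def __init__(self):
        super().__init__()
        self.findings = []   # one dict per form that has a password field
        self._form = None    # form currently open, if any

    def handle_starttag(self, tag, attrs):
        raw = dict(attrs)    # parser already lower-cases tag and attribute names
        off = (raw.get("autocomplete") or "").strip().lower() == "off"
        if tag == "form":
            self._finish()   # tolerate a missing </form>
            self._form = {"name": raw.get("name") or "", "action": raw.get("action") or "",
                          "form_off": off, "pw_fields": 0, "pw_off": 0}
        elif (tag == "input" and self._form is not None
              and (raw.get("type") or "").strip().lower() == "password"):
            self._form["pw_fields"] += 1
            self._form["pw_off"] += off

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()

    def _finish(self):
        form, self._form = self._form, None
        if form and form["pw_fields"]:
            form["protected"] = form["form_off"] or form["pw_off"] == form["pw_fields"]
            self.findings.append(form)

def audit(html):
    """Return the findings for every password-bearing form in `html`."""
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    parser._finish()         # flush a form left open at end of input
    return parser.findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["name"], f["action"], "OK" if f["protected"] else "AUTOCOMPLETE NOT DISABLED")
```

Password managers in current browsers may ignore autocomplete="off" on login fields, so a passing result here does not by itself mean credentials are never stored on a shared machine.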
    


