Arguing with the bank ...
-
... my correspondence with my banks eBanking division ... Hi I recently registered my fiancée eBanking on her work computer. Its a windows 2000 machine with fairly tight security. I am a senior software engineering and have great deal of experience of developing windows application. she wasn't able to register for her internet banking and asked me to have a look. On investigation I discovered that the registration process tries to create the key in the directory "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal". My fiancée was not an administrative user and therefore had no write permissions to this directory (and no way to get them). I also found the registry key that controlled this functionality was "HKEY_LOCAL_MACHINE\SOFTWARE\e-SafeKey\Personal". So I changed the key to point to the directory "C:\Documents and Settings\\Application Data\e-Safekey\Personal", I would expect she would have permissions to write here. You should not need local administrative privileges to use the security of a website period. I suggest you talk to your security vendor and ask them to correct this bug, and use the correct directory. This also may be a security risk as other users of the same machine would be able to read the contents of the "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal" directory, however they would not be able to read a users personel "Application Data" directory. .... and their response .... Thank you for your enquiry. It is actually not a bug, we have done it intentionally. If there are several eBanking customers on the same computer, they need a common location they all have write access to. Most URC are setup to allow users write access to the All Users folder, and we need users to have write access from the internet to the folder chosen to be able to update their keyfile. There are functions in the eBanking for changing the default locations, for those users with especially restrictive setups. I will send your mail to development as a suggestion, but wanted you to know beforehand that it was a choice taken by development. ... so am I crazy ? ...
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want conscio
-
... my correspondence with my banks eBanking division ... Hi I recently registered my fiancée eBanking on her work computer. Its a windows 2000 machine with fairly tight security. I am a senior software engineering and have great deal of experience of developing windows application. she wasn't able to register for her internet banking and asked me to have a look. On investigation I discovered that the registration process tries to create the key in the directory "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal". My fiancée was not an administrative user and therefore had no write permissions to this directory (and no way to get them). I also found the registry key that controlled this functionality was "HKEY_LOCAL_MACHINE\SOFTWARE\e-SafeKey\Personal". So I changed the key to point to the directory "C:\Documents and Settings\\Application Data\e-Safekey\Personal", I would expect she would have permissions to write here. You should not need local administrative privileges to use the security of a website period. I suggest you talk to your security vendor and ask them to correct this bug, and use the correct directory. This also may be a security risk as other users of the same machine would be able to read the contents of the "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal" directory, however they would not be able to read a users personel "Application Data" directory. .... and their response .... Thank you for your enquiry. It is actually not a bug, we have done it intentionally. If there are several eBanking customers on the same computer, they need a common location they all have write access to. Most URC are setup to allow users write access to the All Users folder, and we need users to have write access from the internet to the folder chosen to be able to update their keyfile. There are functions in the eBanking for changing the default locations, for those users with especially restrictive setups. I will send your mail to development as a suggestion, but wanted you to know beforehand that it was a choice taken by development. ... so am I crazy ? ...
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want conscio
and where have you moved your account to?
-
and where have you moved your account to?
:-D
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want consciousness expansion, I go to my local tabernacle an' I sing with the brothers and sisters -- Alabama 3
-
... my correspondence with my banks eBanking division ... Hi I recently registered my fiancée eBanking on her work computer. Its a windows 2000 machine with fairly tight security. I am a senior software engineering and have great deal of experience of developing windows application. she wasn't able to register for her internet banking and asked me to have a look. On investigation I discovered that the registration process tries to create the key in the directory "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal". My fiancée was not an administrative user and therefore had no write permissions to this directory (and no way to get them). I also found the registry key that controlled this functionality was "HKEY_LOCAL_MACHINE\SOFTWARE\e-SafeKey\Personal". So I changed the key to point to the directory "C:\Documents and Settings\\Application Data\e-Safekey\Personal", I would expect she would have permissions to write here. You should not need local administrative privileges to use the security of a website period. I suggest you talk to your security vendor and ask them to correct this bug, and use the correct directory. This also may be a security risk as other users of the same machine would be able to read the contents of the "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal" directory, however they would not be able to read a users personel "Application Data" directory. .... and their response .... Thank you for your enquiry. It is actually not a bug, we have done it intentionally. If there are several eBanking customers on the same computer, they need a common location they all have write access to. Most URC are setup to allow users write access to the All Users folder, and we need users to have write access from the internet to the folder chosen to be able to update their keyfile. There are functions in the eBanking for changing the default locations, for those users with especially restrictive setups. I will send your mail to development as a suggestion, but wanted you to know beforehand that it was a choice taken by development. ... so am I crazy ? ...
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want conscio
Glad that you at least got that conscious techy reply. Banking staff in India are just fit as 'chatterboxes'. '
Empty vessels make more noise'.Vasudevan Deepak Kumar Personal Homepage Tech Gossips
-
... my correspondence with my banks eBanking division ... Hi I recently registered my fiancée eBanking on her work computer. Its a windows 2000 machine with fairly tight security. I am a senior software engineering and have great deal of experience of developing windows application. she wasn't able to register for her internet banking and asked me to have a look. On investigation I discovered that the registration process tries to create the key in the directory "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal". My fiancée was not an administrative user and therefore had no write permissions to this directory (and no way to get them). I also found the registry key that controlled this functionality was "HKEY_LOCAL_MACHINE\SOFTWARE\e-SafeKey\Personal". So I changed the key to point to the directory "C:\Documents and Settings\\Application Data\e-Safekey\Personal", I would expect she would have permissions to write here. You should not need local administrative privileges to use the security of a website period. I suggest you talk to your security vendor and ask them to correct this bug, and use the correct directory. This also may be a security risk as other users of the same machine would be able to read the contents of the "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal" directory, however they would not be able to read a users personel "Application Data" directory. .... and their response .... Thank you for your enquiry. It is actually not a bug, we have done it intentionally. If there are several eBanking customers on the same computer, they need a common location they all have write access to. Most URC are setup to allow users write access to the All Users folder, and we need users to have write access from the internet to the folder chosen to be able to update their keyfile. There are functions in the eBanking for changing the default locations, for those users with especially restrictive setups. I will send your mail to development as a suggestion, but wanted you to know beforehand that it was a choice taken by development. ... so am I crazy ? ...
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want conscio
It's good that they at least paid attention to your email - much better than getting a template "NOT A BUG" response. > It is actually not a bug, we have done it intentionally. > If there are several eBanking customers on the same > computer, they need a common location they all have > write access to. My question to this would be: Why? What is gained from forcing multiple users to share that space? I don't see that it would cause any problems to by default put it in a folder that's more likely to be writeable by any type of account. This would surely be both safer and less restrictive.
-
... my correspondence with my banks eBanking division ... Hi I recently registered my fiancée eBanking on her work computer. Its a windows 2000 machine with fairly tight security. I am a senior software engineering and have great deal of experience of developing windows application. she wasn't able to register for her internet banking and asked me to have a look. On investigation I discovered that the registration process tries to create the key in the directory "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal". My fiancée was not an administrative user and therefore had no write permissions to this directory (and no way to get them). I also found the registry key that controlled this functionality was "HKEY_LOCAL_MACHINE\SOFTWARE\e-SafeKey\Personal". So I changed the key to point to the directory "C:\Documents and Settings\\Application Data\e-Safekey\Personal", I would expect she would have permissions to write here. You should not need local administrative privileges to use the security of a website period. I suggest you talk to your security vendor and ask them to correct this bug, and use the correct directory. This also may be a security risk as other users of the same machine would be able to read the contents of the "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal" directory, however they would not be able to read a users personel "Application Data" directory. .... and their response .... Thank you for your enquiry. It is actually not a bug, we have done it intentionally. If there are several eBanking customers on the same computer, they need a common location they all have write access to. Most URC are setup to allow users write access to the All Users folder, and we need users to have write access from the internet to the folder chosen to be able to update their keyfile. There are functions in the eBanking for changing the default locations, for those users with especially restrictive setups. I will send your mail to development as a suggestion, but wanted you to know beforehand that it was a choice taken by development. ... so am I crazy ? ...
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want conscio
Not a bad reply from the bank could of been worse "what were you doing messing with our software" etc hopefully the development team will change that and make it in the local user area. was the key of importance to the overall access to the bank account? if so why on earth are they leaving important info on the machine? my banks ebanking is via https and doesnt install anything, just a few hoops of logging on i need to jump through.
Code Project Lounge 101 by John Cardinal :beer::bob::beer:
-
... my correspondence with my banks eBanking division ... Hi I recently registered my fiancée eBanking on her work computer. Its a windows 2000 machine with fairly tight security. I am a senior software engineering and have great deal of experience of developing windows application. she wasn't able to register for her internet banking and asked me to have a look. On investigation I discovered that the registration process tries to create the key in the directory "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal". My fiancée was not an administrative user and therefore had no write permissions to this directory (and no way to get them). I also found the registry key that controlled this functionality was "HKEY_LOCAL_MACHINE\SOFTWARE\e-SafeKey\Personal". So I changed the key to point to the directory "C:\Documents and Settings\\Application Data\e-Safekey\Personal", I would expect she would have permissions to write here. You should not need local administrative privileges to use the security of a website period. I suggest you talk to your security vendor and ask them to correct this bug, and use the correct directory. This also may be a security risk as other users of the same machine would be able to read the contents of the "C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal" directory, however they would not be able to read a users personel "Application Data" directory. .... and their response .... Thank you for your enquiry. It is actually not a bug, we have done it intentionally. If there are several eBanking customers on the same computer, they need a common location they all have write access to. Most URC are setup to allow users write access to the All Users folder, and we need users to have write access from the internet to the folder chosen to be able to update their keyfile. There are functions in the eBanking for changing the default locations, for those users with especially restrictive setups. I will send your mail to development as a suggestion, but wanted you to know beforehand that it was a choice taken by development. ... so am I crazy ? ...
Regards Ray "Je Suis Mort De Rire" Blogging @ Keratoconus Watch 'Cos the righteous truth is, there ain't nothing worse than some fool lying on some Third World beach wearing spandex, psychedelic trousers, smoking damn dope pretending he gettin' consciousness expansion. I want conscio
You ask your bank about a problem with your software, and get a meaningful technical reply? You are from another world. Or crazy. I don't know. C:\Documents and Settings\All Users\Application Data\e-Safekey\Personal is writable by default for limited accounts (as advertised, and as tested on XP SP2), and the documented place for 'files that are required by the application, aren't user documents, shared between users, and writable'.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighist