Opera and Wells Fargo secure online banking
Don Kennedy
I use Wells Fargo Bank's online banking features; see https://banking.wellsfargo.com/ . While Netscape 4.75 establishes
the secure connection and presents me with the banking options in about 30 seconds, Opera never does - somewhere along
the line things never seem to complete. I've got the cookie setup configured to accept all cookies while doing this, and
still no luck. Are there any special config settings needed to do this? This is the only reason I'm still using
Netscape, and I'd like to move fully on as soon as I can :-).
Thanks,
Don
Don Kennedy
fiddling with the cookie filters, see if I can get something a little
more selective than that..
Don Kennedy wrote:
>
> Hi, all; I've downloaded Opera 5.02 and am running it under Win98. It works very nicely except for one issue ...
Don Kennedy
for more email & phonecalls, I guess..
---------------------------------------------------
Subject: Re : (#7482-000443-9525\4439525)
Date: Tue, 20 Feb 2001 10:52:16 -0800 (PST)
From: "Online Customer Service" <ofsrep...@WellsFargo.COM>
To: donke...@earthlink.net
(#7482-000443-9525\4439525)
Dear Don Kennedy:
Thank you for your interest in banking online with Wells Fargo. We have received your e-mail regarding the recent change to
prohibit Online Banking access with the Opera browser.
For security reasons, Wells Fargo continuously evaluates and eliminates unsupported browsers to access Wells Fargo Online.
At this time, Wells Fargo is continuing to evaluate the Opera Browser.
To view the Wells Fargo Security Guarantee visit http://wellsfargo.com/per/services/security/ .
If you have any further questions or comments, feel free to e-mail us or call us at (800) 956-4442. Wells Fargo Technical
Support is available from 7:00am to 12:00am PST, seven days a week to assist you.
Sincerely,
Wells Fargo Technical Support
Sue Sims
<donke...@earthlink.net> wrote:
>Followup: apparently Wells Fargo considers Opera an unsupported browser; time
>for more email & phonecalls, I guess..
I tried that, and received e-mail that Wells Fargo would not support
any browser which allowed changing of the browser identity :-(
Sue
Don Kennedy
next reply if I queried again.
Rats. Looks like I'll be using two browsers for a while.. :-/
Don Kennedy
http://www.opera.com/support/config/security.html#banking, but it
doesn't address WF's particular concerns as expressed to me.
Can anyone from Opera comment on this?.. - Don
Don Kennedy
"Dear Don Kennedy:
Thank you for writing Wells Fargo.
We understand that you cannot access your account information using Opera's implementation(s). Unfortunately, at this time, this
browser does not meet our strict security guidelines.
We are concerned with the security of your accounts because some browsers tend to store your passwords locally on your hard
drive. This means once you log off of a banking session, anyone else (using the same computer) could log on to Wells Fargo
Online(r) and access your information. We are currently working with some of the browser operators to resolve this issue."
Matthew Winn
<donke...@earthlink.net> quoted:
> "We understand that you cannot access your account information using Opera's implementation(s). Unfortunately, at this time, this
> browser does not meet our strict security guidelines.
>
> We are concerned with the security of your accounts because some browsers tend to store your passwords locally on your hard
> drive. This means once you log off of a banking session, anyone else (using the same computer) could log on to Wells Fargo
> Online(r) and access your information. We are currently working with some of the browser operators to resolve this issue."
I thought Opera didn't store passwords while IE and Netscape did.
Isn't one of the constant complaints "Why do I have to reenter my
password; IE remembers it for me"? Or have I misunderstood the
problem?
--
Matthew Winn (mat...@sheridan.co.uk)
Coi...@mindspring.com
Instructions are given later in this message which involve modifying
OPERA.EXE with a hex editor. That's an "at your own risk" undertaking.
Don't attempt it if you're not prepared to evaluate and accept the
potential consequences for yourself. (If you have to ask, "What do you
mean, 'potential consequences'?" then assume you're *not* prepared...)
[Tue, 20 Feb 2001 08:31:41 -0800] Don Kennedy:
>I use Wells Fargo Bank's online banking features; see https://banking.wellsfargo.com/ . While Netscape 4.75 establishes
>the secure connection and presents me with the banking options in about 30 seconds, Opera never does - somewhere along
>the line things never seem to complete. I've got the cookie setup configured to accept all cookies while doing this, and
>still no luck.
[Tue, 20 Feb 2001 09:53:04 -0800] Don Kennedy:
>I made it work by setting Opera to accept all cookies.
[Thu, 22 Feb 2001 08:30:13 -0800] Don Kennedy:
>Rats. Looks like I'll be using two browsers for a while.. :-/
I'm confused... does it work, or not?
I don't have a Wells Fargo account, so I can't test any of this in depth.
Opera passes their "browser test":
http://www.wellsfargo.com/per/browsertest.jhtml?bit=40
and gets through at least some of pages for establishing a new account ---
but I stopped where I would have had to enter real information.
[Thu, 22 Feb 2001 15:49:52 GMT] Sue Sims:
>I tried that, and received e-mail that Wells Fargo would not support
>any browser which allowed changing of the browser identity :-(
There is a certain absurd quality to their statement... but I suspect they
don't see what it is...
Don... if it doesn't work: how adventuresome do you feel? As I said, I
can't test this, aside from checking that it doesn't crash Opera; but if
you're in the mood to try a little hex-editing, I believe it is possible
to change Opera's User Agent strings so that they match the "big two"
browsers exactly.
First, make a copy of OPERA.EXE!
Then, open OPERA.EXE in a hex editor.
Search the executable for the following hexadecimal string:
29 00 20 00 4F 00 70 00 65 00 72 00 61 00
which is ") Opera" in Unicode. You should find a total of two. In each,
change the "20" (a space) to "00" (end-of-string marker).
The User Agent string sent when "Identify as Opera" is selected will be
unchanged by this edit; but I believe it will cause all the other choices
to mimic their "real" counterparts exactly. That doesn't guarantee that
the pages will work, of course, nor that some other "sniffing" technique
won't "smell a rat"; but it should get one hurdle out of the way, if you
want to try it. Hopefully, it also demonstrates the absurdity of imagining
that "browser sniffing" of any kind has much to do with security.
--
Peace,
Randy aka Coi...@MindSpring.com
Why does Coises have a web site? Why do peanuts come with directions?
Pages at http://www.mindspring.com/~coises/ were updated 24 January 2001.
IIXII
You are absolutely right, Opera does NOT store passwords. It's those dumb
jerks at the bank which confuse everything and think every problem is solved
if they convince their customers to use M$ crap software only. Maybe someone
should positively brainwash them so they realize that Opera is *much* more
secure than IE. If you are using IE, it's about as secure as writing your
password on a big sign and walk around with that sign on your back.
That statement quoted above is absolute BULLSHIT. It's bloody IE which
doesn't meet their stupid guidelines, not Opera!! Maybe someone should
tell them what this certain registry key is all about where IE stores
all information you ever entered in any bloody Edit control, be it a
password or not.
But will they ever listen to anyone not representing the stupid masses
willingly being enslaved by whatever browser they are told to use?
I doubt it. *sigh*
IIXII
Hans Wolf
I bet the problem is this bank's programmers who have only completed
4-week classes of Misrosoft applications. These "professionals" make
unsubstantiated statements and create degenerate coding. Yet, good
programmers cost... So, lock out Opera instead of firing block-headed
programmers.
Hans
Phil Burns
> You are absolutely right, Opera does NOT store passwords. It's those dumb
> jerks at the bank which confuse everything and think every problem is solved
> if they convince their customers to use M$ crap software only. Maybe someone
> should positively brainwash them so they realize that Opera is *much* more
> secure than IE. If you are using IE, it's about as secure as writing your
> password on a big sign and walk around with that sign on your back.
YES!
> That statement quoted above is absolute BULLSHIT. It's bloody IE which
> doesn't meet their stupid guidelines, not Opera!! Maybe someone should
> tell them what this certain registry key is all about where IE stores
> all information you ever entered in any bloody Edit control, be it a
> password or not.
YES!
> But will they ever listen to anyone not representing the stupid masses
> willingly being enslaved by whatever browser they are told to use?
> I doubt it. *sigh*
And probably yes too :(
On a positive note, my bank <URL: http://www.24hour-online.ie/ > which I used to have to spoof to access
updated their site a few months ago to higher security and to allow any browser that could handle the 128bit
encryption and certificates.
I made a point of sending them a an E-mail letting them know that they had done a good job (for which they
thanked me), a thing that maybe we often forget to do.
Phil
{fws}
Even without further comment, I sent a copy of that page
(URL) to AmEx with my complaint earlier. They thanked me
and said they'd look into it. At the moment, I get in there
with any setting other than Opera!
--
Frank,
For e-mail reply, please replace "invalid" with "com"
{fws}
Don Kennedy
Coi...@MindSpring.com wrote:
>
> *** DISCLAIMER ***
> Instructions are given later in this message which involve modifying
> OPERA.EXE with a hex editor. That's an "at your own risk" undertaking.
> Don't attempt it if you're not prepared to evaluate and accept the
> potential consequences for yourself. (If you have to ask, "What do you
> mean, 'potential consequences'?" then assume you're *not* prepared...)
Thanks for the suggestion, Randy, but I'll pass on doing a hex edit
this time around :-).
> [Tue, 20 Feb 2001 08:31:41 -0800] Don Kennedy:
> >I use Wells Fargo Bank's online banking features.
.
.
.
>
> I'm confused... does it work, or not?
You & me both :-). It worked, *once* from work, but I haven't been able to
reproduce it. It's never worked from home (until tonite - see below).
Win98 at home, WinNT at work.
> I don't have a Wells Fargo account, so I can't test any of this in depth.
> Opera passes their "browser test":
> http://www.wellsfargo.com/per/browsertest.jhtml?bit=40
> and gets through at least some of pages for establishing a new account ---
> but I stopped where I would have had to enter real information.
I reset my browser From Mozilla 4.76 to ID as Opera, then exited & restarted
just to make sure. I went to the page you quoted, and my browser was IDed as
Netscape 4.76! Unless Opera's not really listening to the ID setting, WF is
using some other means to tell what browser I have.
Then, I tried the online banking page. Sonofabeech, it worked.
So, I'm now quite confoozed, and unable to tell what Opera/WF combo does anymore.
Other than "using Mozilla 4.76 as an ID seems to work", and seems (somehow) to be
remembered even after changing it. Maybe WF is caching the ID based on IP
address or something..who knows? Not me, anymore..
Don Kennedy
they objected to with Opera, just that the've had problems with
"some browsers" - could be *any* of 'em. So, maybe they think Opera
has a password problem, maybe they don't - hard to tell from
their email. I'd readily believe Opera does the right thing in 5.02,
but I can't say about earlier versions.
Don Kennedy
>
> Even without further comment, I sent a copy of that page
> (URL) to AmEx with my complaint earlier. They thanked me
> and said they'd look into it. At the moment, I get in there
> with any setting other than Opera!
I probably could get into WF in the same manner, but I'm
not going to experiment with it - since it works with the
Mozilla 4.76 ID, that's what I'll use when I do my online
banking.
Wierd, though; another poster pointed me at their browser
qualification page (http://www.wellsfargo.com/per/browsertest.jhtml?bit=40),
and it thinks I'm using Netscape 4.76 even though I set the ID
back to Opera! So I think they're doing something funky besides
just looking at whatever the browser says. But. I'm not gonna
test that theory :-).
Matthew Winn
> I think you misunderstood; the msg from WF didn't say what specifically
> they objected to with Opera, just that the've had problems with
> "some browsers" - could be *any* of 'em. So, maybe they think Opera
> has a password problem, maybe they don't - hard to tell from
> their email. I'd readily believe Opera does the right thing in 5.02,
> but I can't say about earlier versions.
One of the paragraphs you quoted was:
> "We understand that you cannot access your account information using
> Opera's implementation(s). Unfortunately, at this time, this
> browser does not meet our strict security guidelines."
To me that clearly says that they think Opera has a problem.
As far as I can remember Opera has never stored website passwords,
which makes it the most secure browser there is. Any software which
types your password for you is broken.
--
Matthew Winn (mat...@sheridan.co.uk)
Richard Grevers
sue....@worldnet.att.net said...
I hope you've pointed out that Opera (4.x onwards) can never hide its identity since the
word Opera is in every version of its UA string, no matter what other spoofing content is
there.
Lin Jones
<3A960905...@earthlink.net>:
>Wierd, though; another poster pointed me at their browser
>qualification page
>(http://www.wellsfargo.com/per/browsertest.jhtml?bit=40), and it
>thinks I'm using Netscape 4.76 even though I set the ID back to
>Opera! So I think they're doing something funky besides just looking
>at whatever the browser says. But. I'm not gonna test that theory
>:-).
>
>
I get that Netscape 4.76 ID on their page and I always ID as IE.
Things just seem to get weirder and weirder. I'm just glad that the
person/s who do their web pages/browsertests/etc. doesn't work for
me.
Lin
Li
Dave Mann
"Don Kennedy" <donke...@earthlink.net> wrote in message
news:3A953E95...@earthlink.net...
Maybe time to talk to the Bank of America folks. I have their on line
banking and when I talked to Tech support (before installing Opera) one of
their tech people, told me that she was also running BeOS and Opera at home.
Works like a flash for me, of course, it is running on BeOS so it will
naturally be much faster than Win98.
Regards,
Dave
Cat
I have the same problem; matter of fact I cannor run Opera 5.02 with cookies on, it promptly crashes. However; a long time ago (Opera 5, I think,
I did get thru to fargo WITH and WITHOUT Java. So, it is possible, but until the Opera divas fix the cookies, I am stuck with MSIE 5.0 for
banking.