LYNX-DEV More security stuff.

[Matt Ackeret]

I'm not trying to be a jerk, but:

Changing User-Agent to "Mozilla/4.04 [en]"  (without the quotes)
allowed me to log in to Wells Fargo online.

The one gotcha is that they go to a screen that says "verifying your 
information".. then you just sit there.  I presume they're using JavaScript
to tell the browser to reload..

Because after waiting a few seconds and nothing happened, I just hit ^R
and it logged me in fine.

It looked like I could then do everything.  Good.  At least I'll be able to
pay my bills if I forget to bring them to work or something. (Admittedly
it *is* a bit of a hassle to use this under Lynx.. but it's not as bad as
frames-from-hell sites.)


About this security stuff -- we all know that sites get hacked _into_ all the
time, but does anyone actually have *personal experience* with their own
web connection, or even their shell connection, being snooped on while
they were online?

In other words, what people seem to be complaining about is that:
1) Joe Schmoe uses modem to dial up to ISP's shell account
2) Mr. Schmoe then uses Lynx-SSL to do his banking stuff, thinking it's
secure.
3) Unbenkownst to him, Mr. Schmoe's entire telnet session is being snooped on,
so everything he types is being seen.

Is that it?  While this type of thing is possible, it seems *far* more 
likely for the people _running_ the ISP to be doing the snooping.  Plus,
using your credit card number over a telephone (maybe wireless phone, or
cellular) is proportionately far far more insecure... and people do that
all the time.