Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor. If investing please consider our affiliate links for new accounts: Sharesies or Hatch. To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification



taniwha

961 posts

Ultimate Geek

Trusted

#16087 24-Sep-2007 14:17
Send private message

WHY OH WHY does ANZ go to such great lengths to *hide* the url within their internet banking?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Affiliate link
 
 
 

Affiliate link: NordVPN allows you to securely access the Internet, encrypt your connection and keep your browsing history private.
rscole86
4532 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #87902 24-Sep-2007 14:32
Send private message

sorry? Hide which URL?

I take it you do not mean anz.co.nz?

Noviota
77 posts

Master Geek

Trusted

  #87906 24-Sep-2007 14:43
Send private message

I have the log on page at https://www.anz.com/nz/inetbank/bankmain.asp bookmarked

taniwha

961 posts

Ultimate Geek

Trusted

  #87907 24-Sep-2007 14:47
Send private message

yes, but why would a bank want to hide their URL? isn't just what a phisher would do? ANZ.co.nz (and the australian equiv) go to great lengths to turn off the address bar using javascript - what's the logic behind this?



NokiaRocks
362 posts

Ultimate Geek

Trusted

  #87909 24-Sep-2007 14:50
Send private message

I just find all the pop-ups and browser close messages ANZ give me everytime i Login/Logout annoying.

Nightwyrm
588 posts

Ultimate Geek

Trusted

  #87911 24-Sep-2007 15:05
Send private message

taniwha: yes, but why would a bank want to hide their URL?

Why would you need to see it?




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

barf
643 posts

Ultimate Geek


  #87915 24-Sep-2007 15:34

lugh: Why would you need to see it?

so that you know you're logging into anz.com and not somedodgyphisher.com

probably, ANZ just want to make the URL look tidy and less cluttered, harmless enough but I don't want wool over my eyes either




Sniffing the glue holding the Internet together

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #87917 24-Sep-2007 15:41
Send private message

There are some real plonkers at ANZ. As you know the internet banking site is actually hosted on anz.com/nz but when XP SP2 came along with the IE popup blocker ANZ posted detailed instructions with pictures showing you how to add anz.co.nz to the filter so it would be excluded. This of course didn't work!




Nightwyrm
588 posts

Ultimate Geek

Trusted

  #87919 24-Sep-2007 15:44
Send private message

sbiddle: There are some real plonkers at ANZ.

Thanks Tongue out (although I like to think I work for ANZ National - a somewhat different beast)




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

taniwha

961 posts

Ultimate Geek

Trusted

  #87922 24-Sep-2007 15:50
Send private message

lugh: Thanks Tongue out(although I like to think I work for ANZ National - a somewhat different beast)

So lugh, can you hit the internet banking team with a clue stick for us???

Nightwyrm
588 posts

Ultimate Geek

Trusted

  #87923 24-Sep-2007 15:59
Send private message

taniwha: So lugh, can you hit the internet banking team with a clue stick for us???

If you pay for me to go to Aussie Wink.  Unfortunately, as I'm in a different technology area, I can't talk to the specific reasons for this . 

Barf, I'm not convinced that it would be that easy to go to a dodgy version of the ANZ site without going through a hoax email and I reckon you'd have to be really naive to do that nowadays (saying that, it does still happen).  Isn't the basic rule of thumb nowadays to not go to a bank site through an email link? 




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

taniwha

961 posts

Ultimate Geek

Trusted

  #87925 24-Sep-2007 16:11
Send private message

the basic training i'd give someone to make sure they aren't being phished is to CHECK THE URL...



Now, anz have hidden this.



It's now left down to a single point of failure, the integrity of their http://www.anz.co.nz/



That's plain old http, not SSL. You'd only need to stick in a proxy in someone's path, or some DNS tricks, and return a different response - then you'd be "popup-ed" off to a https://dodgyphisingsite.com, with a valid SSL cert and you'd never know unless you jumped through hoops to reveal the url again.


Nightwyrm
588 posts

Ultimate Geek

Trusted

  #87926 24-Sep-2007 16:16
Send private message

Damn, good thing I'm not in the internet banking teams Surprised.  I can pass your comments along though.




Post-geek, opinionated mediaphile, and natural born cynic. Jack of all genres, master of none.

barf
643 posts

Ultimate Geek


  #87929 24-Sep-2007 16:31

lugh: Barf, I'm not convinced that it would be that easy to go to a dodgy version of the ANZ site without going through a hoax email and I reckon you'd have to be really naive to do that nowadays (saying that, it does still happen). Isn't the basic rule of thumb nowadays to not go to a bank site through an email link?


email link or bookmark or typed URL- give a skilled attacker access to your network or your PC and your DNS lookups can be spoofed in seconds.
i think hiding URLs is just adding to the confusion an attacker already has against a victim. i get used to seeing index.php?sessid=nmbcvmbaivbu928r5 and would be suspicious if this was missing.




Sniffing the glue holding the Internet together

rwales
122 posts

Master Geek


  #87972 24-Sep-2007 20:03
Send private message

lugh: Why would you need to see it?

No reason at all. In fact, it's summarized nicely right here: http://www.anz.com/helpcentre/faq?q=2293931

mpeel
1 post

Wannabe Geek


  #87986 24-Sep-2007 21:25
Send private message

Agreed, I always found that kinda dumb and rather annoying.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24


New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49


Github Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37


Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20


Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11


Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04


Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08


JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05


New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35


Chromecast With Google TV Review
Posted 10-Jun-2022 17:10


Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01


Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01


HP Envy Inspire 7900e Review
Posted 9-Jun-2022 20:31


Philips Hue Starter Kit Review
Posted 4-Jun-2022 11:10


Sony Expands Its Wireless Speaker X-series Range
Posted 4-Jun-2022 10:25









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.