homepage Welcome to WebmasterWorld Guest from 184.73.104.82
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Browsers / Opera Browser Usage and Support
Forum Library, Charter, Moderator: open

Opera Browser Usage and Support Forum

This 42 message thread spans 2 pages: < < 42 ( 1 [2]     
Browser Wars : Wells Fargo Blocks Opera
Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 497 posted 9:34 pm on Feb 2, 2005 (gmt 0)

As of 8am today - Wells Fargo (one of the largest Banks in the United States) began blocking Opera browser from it's online banking.

For Online Access with Wells Fargo You Must Use a Supported Browser

Wells Fargo no longer supports the browser version you are using. Please upgrade to a supported browser in order to get access to Wells Fargo's secure sites.

Please upgrade your browser now.

This is not the first bank we have heard doing this recently.

Has someone been on an anti browser party latly?
Will Opera Software take legal action again?

Related
Opera wins $12 million in Denial of Service Suit:
[webmasterworld.com...]

PC World Names Opera Best Browser of 2004
[webmasterworld.com...]

 

plumsauce

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 497 posted 3:50 am on Feb 3, 2005 (gmt 0)

WF consider the password-saving feature of the wand is contrary to their security goals.

and so they should

...insecure and this complete lack of communication was the main reason why we after trying to discuss it with them for a couple of years in the end decided to spoof id completely.)

maybe Opera's attitude had something to with it. the above quoted post even had a snippet of javascript to show how a user can bypass autocomplete=off attributes in the originating page from WF.

by issuing a cloaking patch that applies only to WF, they are specifically interfering with transactions between WF and their clients. why wouldn't WF ban the browser? wouldn't you?

furthermore, consider that the display of ads by the free version of Opera while the browser is open on the WF site is an invitation for code injection phishing/pharming exploits. should WF wait until it actually happens?

and i found this:

As was mentionned previously, individual sites can disable the wand if they do not wish passwords to be saved on their site (truth be told, I think anybody who figures they can tell me how I should protect my data can go, uh, pleasure themselves.) The problem many sites seem to have with Opera is that Opera retains page state when using the back button on secure pages, which is a potential security issue (especially since Opera can reopen closed windows). I believe that will be fixed in Opera 7.60.

Edit: the problem isn't that Opera retains page state when using the back button on secure pages, but that it didn't follow the must-revalidate directive before 7.54u1. That is now "fixed", actually leading to reduced usability because of all the "webmasters" out there with improperly configured servers.

So WF should be expected to track the version at the .0X level? Especially when Opera is cloaking its version to begin with? Would you write code to accomodate such idiocy?

[edited by: plumsauce at 4:21 am (utc) on Feb. 3, 2005]

StupidScript

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 497 posted 4:17 am on Feb 3, 2005 (gmt 0)

I gotta say, you're right, plumsauce.

<edit>What do you think the author meant by
leading to reduced usability
? If it's fixed, doesn't that mean that all the other browsers are in the same position?</edit>

<edit2>
As was mentionned previously, individual sites can disable the wand if they do not wish passwords to be saved on their site.

If this is a server-side programmatic solution to a security hole, then (a) WF needs to lighten up and implement it and (b) where can I find this bit of code?</edit2>

balam

10+ Year Member



 
Msg#: 497 posted 4:56 am on Feb 3, 2005 (gmt 0)

From where I sit, this is a "neither here nor there" issue, but I've got to say that I've lost a lot of respect for Opera, since this certainly seems to be Opera's fault.

From the Opera forums ( [my.opera.com...] ):


[Some fellow posited...]

I'd be willing to bet that Opera is deliberately doing this so that in the past, Opera could bypass whatever broken browser sniffing Wells Fargo used to do.


[And an Opera developer responded...]

Yes. In order to make the site usable for Opera users we have for some time been using a non-Opera User Agent against Wells Fargo's site.

We are currently evaluating this policy in light of recent events.

(Emphasis mine.)

So Opera added code to their browser that specifically mucks about with a financial website, and people whine when said financial site bans Opera?!

Think of it this way: the browser is using deceptive tactics to gain access to confidential financial information.

I wonder what other, uh, "easter eggs" Opera hides...

Teknorat

10+ Year Member



 
Msg#: 497 posted 5:14 am on Feb 3, 2005 (gmt 0)

No think about it this way, the Browser is changing its U/A without the knowledge of the user.

iamlost

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 497 posted 6:40 am on Feb 3, 2005 (gmt 0)

Further to this story:

Junior Member Brett_Tabke posted a link to this thread in Operas Open Web Forum and got this response:

[my.opera.com ]

Known problem: [my.opera.com ]

AFAIK v7.54u1 and v7.54u2 should work OK. Earlier versions will not work, and 8.0 beta does not0, at present, implement the any specific spoofing for this bank.

We have not yet been able to find out exactly why Wells Fargo blocks Opera. Attempts to find out have not been succesful. Some indications have been given in answer to other people's queries, but we have been unable to verify those (We also believe what has been indicated as the reason is not a problem with 7.5x).
Sincerely,
Yngve Pettersen
Opera Software

<edited: added link>

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 497 posted 11:53 am on Feb 3, 2005 (gmt 0)

After being on the phone with Wells for about 20mins, I was told:

"We stopped supporting opera because it saves form values such as passwords and login ids.

I hope Opera can redo the agent name for Wells again.

Easy_Coder

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 497 posted 2:27 pm on Feb 3, 2005 (gmt 0)

Nice follow-up Brett. Turns out that WF has their customers best interests in mind.

Teknorat

10+ Year Member



 
Msg#: 497 posted 11:50 pm on Feb 3, 2005 (gmt 0)

"We stopped supporting opera because it saves form values such as passwords and login ids."

Best interests maybe, but since when is the bank responsible for the consumers security choices?

digitalghost

WebmasterWorld Senior Member digitalghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 497 posted 11:51 pm on Feb 3, 2005 (gmt 0)

Since they've been entrusted with the client's money...

Captain Tylor

5+ Year Member



 
Msg#: 497 posted 6:15 am on Feb 4, 2005 (gmt 0)

We stopped supporting opera because it saves form values such as passwords and login ids.

Ok, I must be missing something here. Isn't that exactly what most browsers do anyway? I know FireFox offers to save form data all the time when I use it, and Safari has a similar option(turned it off though). I would assume IE can too. Or is this a different kind of saving than what Opera does?

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 497 posted 9:59 pm on Feb 4, 2005 (gmt 0)

other browsers support a nonstandard tag to stop pw/id caching.

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 497 posted 3:41 pm on Feb 5, 2005 (gmt 0)

All the major financial sites I use force a fresh login - at most, they will remember your username but require password entry.

This is a reasonable precaution, IMO. While some individuals may employ good security practices at the machine level (user authentication on bootup, inactivity lockout, etc.), most users are lazy; if they left their notebook somewhere, or if their dog-sitter was using their home PC, they'd be vulnerable. And for users who might choose to access their financial accounts from public PCs, some percentage would save their password intentionally or unintentionally.

The solution would seem to be for Opera to support the same tag that IE does. It's amazing that the Opera coders felt the best solution to the initial Wells Fargo problem was to spoof the user agent for that site.

It wouldn't surprise me that once this issue gets publicized other financial sites also ban Opera - probably many IT departments weren't aware of Opera's different approach to password caching. I'm betting Opera makes the change sooner rather than later.

This 42 message thread spans 2 pages: < < 42 ( 1 [2]
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Opera Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved