Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
For Online Access with Wells Fargo You Must Use a Supported Browser
Wells Fargo no longer supports the browser version you are using. Please upgrade to a supported browser in order to get access to Wells Fargo's secure sites.
Please upgrade your browser now.
This is not the first bank we have heard doing this recently.
Has someone been on an anti browser party latly?
Will Opera Software take legal action again?
Opera wins $12 million in Denial of Service Suit:
PC World Names Opera Best Browser of 2004
WF consider the password-saving feature of the wand is contrary to their security goals.
and so they should
...insecure and this complete lack of communication was the main reason why we after trying to discuss it with them for a couple of years in the end decided to spoof id completely.)
by issuing a cloaking patch that applies only to WF, they are specifically interfering with transactions between WF and their clients. why wouldn't WF ban the browser? wouldn't you?
furthermore, consider that the display of ads by the free version of Opera while the browser is open on the WF site is an invitation for code injection phishing/pharming exploits. should WF wait until it actually happens?
and i found this:
As was mentionned previously, individual sites can disable the wand if they do not wish passwords to be saved on their site (truth be told, I think anybody who figures they can tell me how I should protect my data can go, uh, pleasure themselves.) The problem many sites seem to have with Opera is that Opera retains page state when using the back button on secure pages, which is a potential security issue (especially since Opera can reopen closed windows). I believe that will be fixed in Opera 7.60.
Edit: the problem isn't that Opera retains page state when using the back button on secure pages, but that it didn't follow the must-revalidate directive before 7.54u1. That is now "fixed", actually leading to reduced usability because of all the "webmasters" out there with improperly configured servers.
So WF should be expected to track the version at the .0X level? Especially when Opera is cloaking its version to begin with? Would you write code to accomodate such idiocy?
[edited by: plumsauce at 4:21 am (utc) on Feb. 3, 2005]
<edit>What do you think the author meant by
leading to reduced usability? If it's fixed, doesn't that mean that all the other browsers are in the same position?</edit>
As was mentionned previously, individual sites can disable the wand if they do not wish passwords to be saved on their site.
From the Opera forums ( [my.opera.com...] ):
[Some fellow posited...]
I'd be willing to bet that Opera is deliberately doing this so that in the past, Opera could bypass whatever broken browser sniffing Wells Fargo used to do.
[And an Opera developer responded...]
Yes. In order to make the site usable for Opera users we have for some time been using a non-Opera User Agent against Wells Fargo's site.
We are currently evaluating this policy in light of recent events.
So Opera added code to their browser that specifically mucks about with a financial website, and people whine when said financial site bans Opera?!
Think of it this way: the browser is using deceptive tactics to gain access to confidential financial information.
I wonder what other, uh, "easter eggs" Opera hides...
Junior Member Brett_Tabke posted a link to this thread in Operas Open Web Forum and got this response:
Known problem: [my.opera.com ]
AFAIK v7.54u1 and v7.54u2 should work OK. Earlier versions will not work, and 8.0 beta does not0, at present, implement the any specific spoofing for this bank.
We have not yet been able to find out exactly why Wells Fargo blocks Opera. Attempts to find out have not been succesful. Some indications have been given in answer to other people's queries, but we have been unable to verify those (We also believe what has been indicated as the reason is not a problem with 7.5x).
<edited: added link>
We stopped supporting opera because it saves form values such as passwords and login ids.
This is a reasonable precaution, IMO. While some individuals may employ good security practices at the machine level (user authentication on bootup, inactivity lockout, etc.), most users are lazy; if they left their notebook somewhere, or if their dog-sitter was using their home PC, they'd be vulnerable. And for users who might choose to access their financial accounts from public PCs, some percentage would save their password intentionally or unintentionally.
The solution would seem to be for Opera to support the same tag that IE does. It's amazing that the Opera coders felt the best solution to the initial Wells Fargo problem was to spoof the user agent for that site.
It wouldn't surprise me that once this issue gets publicized other financial sites also ban Opera - probably many IT departments weren't aware of Opera's different approach to password caching. I'm betting Opera makes the change sooner rather than later.