Friday, September 21, 2007

Updated HSBC Password Easyfier

I figured out that the HSBC security key mechanism is much simpler than before. The security key input is a regular password input; the protection against keyboard entry is simply a function that fires on key down and cancels your input. Because that check runs only as page script in the browser, it is very easily defeated by simply reassigning the event handler to a dummy function!

See the new user script: http://userscripts.org/scripts/show/9832

// ==UserScript==
// @name HSBC Password Easyfier
// @namespace hsbc
// @description Lets you input your Security Key with your keyboard
// @include https://www.us.hsbc.com/*
// ==/UserScript==

// Run init() on the window's load event, presumably so the page's own scripts
// have already installed their handlers by the time init() replaces one.
// The @include pattern above matches every page on the host, so this listener
// is registered on all of them; narrowing it to the log-on page would limit
// where the script runs.
window.addEventListener("load", init, false);
/**
 * Overwrites the "onkeydown" attribute of the element with id "password";
 * per the accompanying post, that handler is what cancels typed input.
 *
 * Does nothing when no such element exists on the page.
 *
 * NOTE(review): setAttribute() converts its second argument to a string, so
 * the attribute ends up holding the function's source text rather than a
 * callable. The page's handler is displaced either way; confirm this is the
 * intended mechanism.
 * Security note: the displaced check is page script only, so it cannot be
 * relied on as a defence. Once it is gone the key is typed on the physical
 * keyboard, where a keylogger on the machine can capture it.
 */
function init() {
  var passwordField = document.getElementById("password");
  if (passwordField == null) {
    return;
  }
  passwordField.setAttribute("onkeydown", function(e){});
}

Thursday, July 5, 2007

Catalyst on GoDaddy Shared Hosting

I'm starting a new web application with a coworker.
He already has a hosting account with GoDaddy, so I had my choice of Java, PHP, Perl, Ruby, or Python2.2

Now, while I would have liked to use Django, I don't believe its support goes all the way back to Python2.2

So, now I am attempting to try out the Perl framework Catalyst. I've never written much in Perl before, but I'm attracted by the seemingly huge CPAN repository, and my bad experience with configuring Tomcat in the past. If this doesn't work out then I may end up with CakePHP.

To start out I googled for installing Catalyst on a shared hosting environment, however everything seemed to require shell access, which I don't seem to have at GoDaddy.

Looking for something like php_info for Perl, I was able to find a nice script from Movable Type which checks for module installation and various other settings. Look here: http://www.sixapart.com/movabletype/docs/mtinstall#checking%20for%20perl%20modules
for mt-check.cgi

It's showing that I have a nice ext_lib directory in my home directory where I suppose I can put extra Perl modules, hopefully making this endeavor actually possible.

Tuesday, June 12, 2007

// ==UserScript==
// @name HSBC Password Easyfier
// @namespace hsbc
// @description Let's you input your Security Key with your keyboard
// @include https://www.us.hsbc.com/1/2/!ut/p/_s.7_0_A/7_0_23D
// ==/UserScript==

// Run init() on the window's load event; init() looks up the
// "memorableAnswer" element, which has to exist by then.
// The @include above limits the script to a single log-on URL, so it does not
// run on the rest of the site.
window.addEventListener("load", init, false);

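/**
 * Forwards the Security Key typed into the injected "secKey" field to the
 * page's own handleKey() function, one character at a time.
 *
 * Runs on every blur of that field (the listener is attached in init()).
 * Returns without doing anything when the field is not in the document.
 *
 * NOTE(review): the whole value is forwarded on each blur, so leaving the
 * field twice would presumably enter the key twice. Confirm against how the
 * page's handleKey() accumulates input.
 * Security notes: after forwarding, the key stays in an ordinary DOM input
 * where page script can read it, and it is typed on the physical keyboard,
 * which is the exposure the on-screen keypad is meant to avoid. Calling
 * through unsafeWindow runs page-defined code from the user-script context,
 * so keep such calls to the minimum needed.
 */
function enterKey() {
  var field = document.getElementById("secKey");
  if (!field) {
    return; // injected field missing: nothing to forward
  }
  var typed = field.value;
  // Keep the loop index local so it does not become an implicit global.
  for (var i = 0; i < typed.length; i++) {
    unsafeWindow.handleKey(typed[i]);
  }
}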

/**
 * Builds a table row containing a "Security Key:" label and an ordinary
 * password input (id "secKey"), inserts it directly after the row that holds
 * the "memorableAnswer" element, and registers enterKey() as the input's blur
 * handler.
 *
 * Presumably "memorableAnswer" is an input inside a cell inside a row, since
 * the row is taken as its grandparent - verify against the page markup.
 * Throws if "memorableAnswer" is not in the document.
 *
 * Security note: the injected input takes the key from the physical keyboard
 * and keeps it in the page DOM, so it is exposed to keyloggers and to any
 * script running in the page.
 */
function init() {
  var keyRow = document.createElement('tr');
  var labelCell = document.createElement('td');
  var inputCell = document.createElement('td');

  var caption = document.createElement('label');
  caption.setAttribute('for', 'secKey');
  caption.innerHTML = '<em>Security Key:</em>';
  labelCell.appendChild(caption);

  var keyInput = document.createElement("input");
  // Attribute name/value pairs, applied in the order listed.
  var inputAttrs = [
    ["id", "secKey"],
    ["type", "password"],
    ["tabindex", "2"],
    ["maxlength", "30"],
    ["size", "15"]
  ];
  for (var n = 0; n < inputAttrs.length; n++) {
    keyInput.setAttribute(inputAttrs[n][0], inputAttrs[n][1]);
  }
  inputCell.appendChild(keyInput);

  keyRow.appendChild(labelCell);
  keyRow.appendChild(inputCell);

  // Place the new row immediately after the memorable-answer row.
  var answerRow = document.getElementById("memorableAnswer").parentNode.parentNode;
  answerRow.parentNode.insertBefore(keyRow, answerRow.nextSibling);

  keyInput.addEventListener("blur", enterKey, false);
}
// ==UserScript==
// @name HSBC Password Easyfier
// @namespace hsbc
// @description Let's you input your Security Key with your keyboard
// @include https://www.us.hsbc.com/1/2/!ut/p/_s.7_0_A/7_0_23D
// ==/UserScript==

// Run init() on the window's load event; init() looks up the
// "memorableAnswer" element, which has to exist by then.
// The @include above limits the script to a single log-on URL, so it does not
// run on the rest of the site.
window.addEventListener("load", init, false);

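/**
 * Forwards the Security Key typed into the injected "secKey" field to the
 * page's own handleKey() function, one character at a time.
 *
 * Runs on every blur of that field (the listener is attached in init()).
 * Returns without doing anything when the field is not in the document.
 *
 * NOTE(review): the whole value is forwarded on each blur, so leaving the
 * field twice would presumably enter the key twice. Confirm against how the
 * page's handleKey() accumulates input.
 * Security notes: after forwarding, the key stays in an ordinary DOM input
 * where page script can read it, and it is typed on the physical keyboard,
 * which is the exposure the on-screen keypad is meant to avoid. Calling
 * through unsafeWindow runs page-defined code from the user-script context,
 * so keep such calls to the minimum needed.
 */
function enterKey() {
  var field = document.getElementById("secKey");
  if (!field) {
    return; // injected field missing: nothing to forward
  }
  var typed = field.value;
  // Keep the loop index local so it does not become an implicit global.
  for (var i = 0; i < typed.length; i++) {
    unsafeWindow.handleKey(typed[i]);
  }
}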

/**
 * Builds a table row containing a "Security Key:" label and an ordinary
 * password input (id "secKey"), inserts it directly after the row that holds
 * the "memorableAnswer" element, and registers enterKey() as the input's blur
 * handler.
 *
 * Presumably "memorableAnswer" is an input inside a cell inside a row, since
 * the row is taken as its grandparent - verify against the page markup.
 * Throws if "memorableAnswer" is not in the document.
 *
 * Security note: the injected input takes the key from the physical keyboard
 * and keeps it in the page DOM, so it is exposed to keyloggers and to any
 * script running in the page.
 */
function init() {
  var keyRow = document.createElement('tr');
  var labelCell = document.createElement('td');
  var inputCell = document.createElement('td');

  var caption = document.createElement('label');
  caption.setAttribute('for', 'secKey');
  caption.innerHTML = '<em>Security Key:</em>';
  labelCell.appendChild(caption);

  var keyInput = document.createElement("input");
  // Attribute name/value pairs, applied in the order listed.
  var inputAttrs = [
    ["id", "secKey"],
    ["type", "password"],
    ["tabindex", "2"],
    ["maxlength", "30"],
    ["size", "15"]
  ];
  for (var n = 0; n < inputAttrs.length; n++) {
    keyInput.setAttribute(inputAttrs[n][0], inputAttrs[n][1]);
  }
  inputCell.appendChild(keyInput);

  keyRow.appendChild(labelCell);
  keyRow.appendChild(inputCell);

  // Place the new row immediately after the memorable-answer row.
  var answerRow = document.getElementById("memorableAnswer").parentNode.parentNode;
  answerRow.parentNode.insertBefore(keyRow, answerRow.nextSibling);

  keyInput.addEventListener("blur", enterKey, false);
}

Sunday, June 3, 2007

Javascript Password Protection

I get annoyed by websites, generally online banks, which require you to input your password using little on-screen keyboards. So annoyed, in fact, that I wrote this little Greasemonkey script. This script is specifically designed for HSBC; however, if there's a request I will look into adapting it for your own bank.
I understand the purpose of these keyboards: they prevent your password from being stolen by keyloggers. So if you have any doubt about the security of your computer, you should not use this script. I am in no way responsible for any problems you may have with the use of this script. Use at your own risk.
However, if you choose to accept this risk you can save countless seconds by not having to remove your fingers from the keyboard!


// ==UserScript==
// @name HSBC Password Easyfier
// @namespace hsbc
// @description Let's you input your Security Key with your keyboard
// @include https://www.us.hsbc.com/1/2/!ut/p/_s.7_0_A/7_0_23D
// ==/UserScript==

// Run init() on the window's load event; init() looks up the
// "memorableAnswer" element, which has to exist by then.
// The @include above limits the script to a single log-on URL, so it does not
// run on the rest of the site.
window.addEventListener("load", init, false);

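/**
 * Forwards the Security Key typed into the injected "secKey" field to the
 * page's own handleKey() function, one character at a time.
 *
 * Runs on every blur of that field (the listener is attached in init()).
 * Returns without doing anything when the field is not in the document.
 *
 * NOTE(review): the whole value is forwarded on each blur, so leaving the
 * field twice would presumably enter the key twice. Confirm against how the
 * page's handleKey() accumulates input.
 * Security notes: after forwarding, the key stays in an ordinary DOM input
 * where page script can read it, and it is typed on the physical keyboard,
 * which is the exposure the on-screen keypad is meant to avoid. Calling
 * through unsafeWindow runs page-defined code from the user-script context,
 * so keep such calls to the minimum needed.
 */
function enterKey() {
  var field = document.getElementById("secKey");
  if (!field) {
    return; // injected field missing: nothing to forward
  }
  // `value` is a string property of the input, not a method.
  var typed = field.value;
  // Keep the loop index local so it does not become an implicit global.
  for (var i = 0; i < typed.length; i++) {
    unsafeWindow.handleKey(typed[i]);
  }
}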

/**
 * Builds a table row containing a "Security Key:" label and an ordinary
 * password input (id "secKey"), inserts it directly after the row that holds
 * the "memorableAnswer" element, and registers enterKey() as the input's blur
 * handler.
 *
 * Presumably "memorableAnswer" is an input inside a cell inside a row, since
 * the row is taken as its grandparent - verify against the page markup.
 * Throws if "memorableAnswer" is not in the document.
 *
 * Security note: the injected input takes the key from the physical keyboard
 * and keeps it in the page DOM, so it is exposed to keyloggers and to any
 * script running in the page.
 */
function init() {
  var keyRow = document.createElement('tr');
  var labelCell = document.createElement('td');
  var inputCell = document.createElement('td');

  var caption = document.createElement('label');
  caption.setAttribute('for', 'secKey');
  caption.innerHTML = 'Security Key:';
  labelCell.appendChild(caption);

  var keyInput = document.createElement("input");
  // Attribute name/value pairs, applied in the order listed.
  var inputAttrs = [
    ["id", "secKey"],
    ["type", "password"],
    ["tabindex", "2"],
    ["maxlength", "30"],
    ["size", "15"]
  ];
  for (var n = 0; n < inputAttrs.length; n++) {
    keyInput.setAttribute(inputAttrs[n][0], inputAttrs[n][1]);
  }
  inputCell.appendChild(keyInput);

  keyRow.appendChild(labelCell);
  keyRow.appendChild(inputCell);

  // Place the new row immediately after the memorable-answer row.
  var answerRow = document.getElementById("memorableAnswer").parentNode.parentNode;
  answerRow.parentNode.insertBefore(keyRow, answerRow.nextSibling);

  keyInput.addEventListener("blur", enterKey, false);
}