Forgot your password?
typodupeerror
Mozilla The Internet IT

Korea Post Office Supports XPCOM Based E-Banking 144

Posted by ScuttleMonkey
from the isn't-it-about-time dept.
Channy writes "Mozillazine is reporting that the Korean Post Office has decided to support Mozilla Firefox for internet banking and has started the developement project of an XPCOM based internet banking system. From the article: 'In past there were no web browsers for 128 bit encryption except Opera 3.5 for international users when Korea started internet banking services in 1998.'"
This discussion has been archived. No new comments can be posted.

Korea Post Office Supports XPCOM Based E-Banking

Comments Filter:
  • Now (Score:2, Interesting)

    by 42Penguins (861511)
    All they need to do is DROP support for IE.
    Also quite the undertaking switching 4700 from windows to linux.
    Yay for Korea and Korean memes!
    • Re:Now (Score:2, Interesting)

      by daviqh (906581)
      We could also have some more support in Mozilla Browser, and I hope they start support for that too.
    • by daviqh (906581)
      "Also quite the undertaking switching 4700 from windows to linux."

      <snicker> Perhaps we should also drop support for IE in Windows... </snicker>
    • Re:Now (Score:5, Insightful)

      by strcmp (908668) on Monday September 05, 2005 @09:31PM (#13486558)
      Why should they drop support for IE? It's still the most widely used browser, despite its many flaws.

      This is no worse than saying that they should drop support for Safari because it's so sparsely used.

      • by daviqh (906581)
        The point is that anyone relitively smart will know that it has tons of flaws, and wishes someone takes an act against it.
        • yes, but for a moment, consider the average person...

          now, 50% of the population is dumber than that...
        • Compete on features, not on dirty tricks.

          Aww screw it, who are we kidding. You morons would tell someone to ban IE from their website even if it would run them out of business.

          Why?

          Because you are a bunch of self rightous pricks. Thats it. You get on your high horse and you pontificate on matters which you don't really understand or have any business attempting to infuluence.

          But what the hell. This is slashdot. Thrust your hypocritcal ideologies on the shitheap. It doesn't matter. Nobody takes you se
          • Compete on features, not on dirty tricks.

            So presumably security, usability & interoperability don't get a look in then? As far as you're concerned, the more menu options & icons to click, the better then?

      • No, they should drop support for IE because it's unsafe to use.
        • Re:Now (Score:2, Interesting)

          by strcmp (908668)
          Unsafe for the client, but not the server... as far as I know. People should be aware that they browse "at their own risks" and do have a choice as to which browser to use. If some people want to use IE, well, they were warned.

          A better solution, of course, is to have a banking system that is not dependent on the underlying browser architecture.

          • Having a cross-browser system is important, yes, but if I were a bank I would seriously consider (artificially) locking out IE, in order to reduce the risk of fraud for my customers.
            • I can see it now! (Score:5, Interesting)

              by Agarax (864558) on Tuesday September 06, 2005 @12:49AM (#13487418)
              Oh yeah, I can see you at the board meeting now:

              You: "Well, sir. I think we should block out Internet Explorer users because their browser is unsafe."

              Boss: "Is it unsafe for us or them?"

              You: "Them. It would'nt really effect us. They are just more likely to become victims of identity theft through a virus."

              Boss: "Can they also get the same virus through an email attachment? Or by someone digging through their trash?"

              You: "... yes."

              Boss: "How many of our customers use IE?"

              You: "About 80%"

              Boss: "And what is there to prevent them from moving to another bank that DOES support their browser?"

              You: "Well, that would be a lot of trouble for them to go through. It's easier to just download a safe browser."

              Boss: "And what would we do about the advertisements our competitors would air stating that we don't properly support internet banking because we dropped support for IE? Getting new customers might become difficult."

              You: "Well ... we tell them that it is foolish of them to use Windows and Internet Explorer and that they should switch to something else."

              (Long Pause)

              Boss: "While we are at it, why don't we refuse entry to SUVs in the drive-thru ATM because the customer is more likely to scratch his paint and he is wasting the gas he paid for? You should stick to IT, you don't know jack about how a business works. "
              • by mrchaotica (681592) on Tuesday September 06, 2005 @03:58AM (#13488075)
                Boss: "Is it unsafe for us or them?"

                You: "Them. It would'nt really effect us. They are just more likely to become victims of identity theft through a virus."
                That's incorrect. In case you haven't noticed, most banks advertize that they'll bail their customers out when they get defrauded. So it does effect the bank, because they have to raise interest rates to cover their losses from fraud.
                Boss: "And what would we do about the advertisements our competitors would air stating that we don't properly support internet banking because we dropped support for IE? Getting new customers might become difficult."
                We tell them that, (apparently) unlike other banks, we care about their financial well-being, and try to do everything possible to ensure a safe electronic banking experience.
      • Why should they drop support for IE?

        Because it is standards-challenged?

        • Since when is XPCOM a "standard" for anyone but the Mozilla foundation?

          You might as well call Firefox 'standards-challenged' because it doesn't support ActiveX*.

          * BZZT WRONG THERE IS AN EXTENSION JUST DOWNLOAD AND INSTALL IT AND MAKE SURE NEVER TO UPGRADE FIREFOX WITHOUT CHECKING FOR EXTENSION COMPATIBILITY FIRST
      • While I'm not is support for such a non-standard implementation unless it's absolutely nessisary, there is a big difference between being firefox only and safari. Firefox is cross-platform, it works on mac, linux, and most importantly windows. It's a lot easier for people to do a free 5mb download than get a whole new computer.
    • I might not have been too hard to get people to switch because in Korea, only old people run Windows.
    • No, you need to drop your self-rightous worthless opinons. Who do you think you are? Compete on features, not on dirty tricks. Aww screw it, who are we kidding. You morons would tell someone to ban IE from their website even if it would run them out of business. Why? Because you are a bunch of self rightous pricks. Thats it. You get on your high horse and you pontificate on matters which you don't really understand or have any business attempting to infuluence. But what the hell. This is slashdot. Thru
    • Never gonna happen. Korea is a windows monoculture.

      Not that it's unique in that respect.

      L
    • FTA: After browser war, it was useless the NSplugin for internet banking, so most of bank support only Active-x plugin. So some Mac and Linux users are troubled on using internet banking.

      Though they were troubled, they were likely not as troubled as the "Active-x" users.

    • What they'll be delivering, as far as i understand it, is a custom application designed around some Mozilla technologies, mainly XPCOM but perhaps also using the XUL engine for UI.

      they're not delivering a custom browser or browser content. it's a custom app making good use of Mozilla techs.
  • by weighn (578357) <weighn@gm[ ].com ['ail' in gap]> on Monday September 05, 2005 @09:11PM (#13486469) Homepage
    Only old people use secure internet banking.

    The kiddies are swapping cvs details over Telnet.

  • Great news! (Score:2, Interesting)

    by webby123 (911327)
    Great news, does this mean they will be including a "get firefox" icon on their website?
  • Microsoft (Score:1, Flamebait)

    by jasonBTV (911446)
    Anything that helps take market share away from Microsoft...
  • by petermgreen (876956) <plugwashNO@SPAMp10link.net> on Monday September 05, 2005 @09:19PM (#13486501) Homepage
    is this north korea south korea or both?
    • Maybe they both share a post office? They are based in Seoul, and their site says nothing about who they serve, but perhaps it is whatever side of Korea Seuol is on. Just my $.02
      • Re:which korea? (Score:3, Interesting)

        You're right that it says it's in Seoul, so it would be in South Korea.

        (You're completely mistaken if you think that North and South Korea would want anything to do with each other. Here's a hint: there's troops on each side of the border between them.)
        • Re:which korea? (Score:4, Informative)

          by natrius (642724) <niran@nir a n .org> on Monday September 05, 2005 @10:25PM (#13486794) Homepage
          You're completely mistaken if you think that North and South Korea would want anything to do with each other. Here's a hint: there's troops on each side of the border between them.

          "It's time for us to put an end to history of dissension, and open an era of national integration. This also means laying the grounds to surmount division, and to ring in a reunified era ruled by peace and prosperity."
          - South Korean President Roh Moo-hyun [bbc.co.uk]

          Sure, there's some tension there, but I think saying that they want nothing to do with each other is a bit much. That'd be a better characterization for Pakistan and India, where some of the people actually dislike each other. I don't think the North and South Korean people actually dislike each other, but one group just happens to be ruled by a crazy dictator.
          • Re:which korea? (Score:3, Interesting)

            by AstroDrabb (534369)
            Huh? You are quoting _SOUTH_ Korea. There is a _huge_ difference between what South Korea wants and what North Korea wants. South Korea is basically democratic. North Korea is a dictatorship.

            where some of the people actually dislike each other. I don't think the North and South Korean people actually dislike each other

            I agree with you there. However, there is the HUGE problem of the North Korean dictator that is know for having pretty bad human rights violations. I doubt many South Koreans would vol

    • One theroy suggests that perhaps under 5 minutes ago, Korean's in North and South Korea decided to "merge". Somehow in that time we didn't find out about it and the Postal offices merged and changed their name.
    • by damsa (840364) on Monday September 05, 2005 @09:31PM (#13486565)
      North Korea doesn't have internet nor money. My bet that this is South Korea.
    • mod funny. haha north korea. FYI, think of how many koreans you know that call themselves south korean instead of korean and you will understand why korean is used.
    • I'm really glad the parent got modded 'funny'. Must be another geographically-challeneged american.

      L
      • fyi i'm a brit not an american though i wouldn't say geography is my strong point.

        p.s. seems i lost karma on my original post due to the combination of funny and overrated :(

  • by Anonymous Coward on Monday September 05, 2005 @09:23PM (#13486518)
    All you need to do is support a standard web browser (without requiring activeX crap to work), and firefox works fine.

    My bank doesn't "support" firefox, but it works great.
    • Yeah. My bank only mentions Netscape and Explorer on their site, but also say that any Javascript-enabled browser with 128 bit or better security should work. A few years ago they were IE-specific, which used to irritate me ... for the one thing I do online that I really want to be secure I had to use the world's least secure browser. But they got with the times.
  • SEED? (Score:5, Informative)

    by erikharrison (633719) on Monday September 05, 2005 @09:26PM (#13486532)
    The article is a little ambiguous - this seems to be only for SEED, a Korean only strong encryption algorithm, which itself isn't native to browsers, which is why they required activex in the first place.

  • by uits (792760) on Monday September 05, 2005 @09:30PM (#13486554)

    Because they were unable to use 128bit SSL in 1998, they are going to develop internet banking that is dependent on Mozilla XPCOM, instead of taking a cross platform standard SSL approach now?

    While Mozilla is ostensibly a better platform to be locked into than Microsoft, is this really a big benefit?

    Someone please translate for the layman (me)

    • Mozilla is a corperation now, and not to start a conspiricy theroy, but maybe
      <winkwinknudgenudge> there is some cash flow below the table.</winkwinknudgenudge>
    • I'd say it's because they have all their SEED technology in place, and don't want to replace that. Especially since it currently works. Producing a XPCOM based plug-in for Mozilla based browsers lets them connect to SEED encrypted connections, without replacing infrastructure.
    • by Anonymous Coward
    • by ihavnoid (749312) on Tuesday September 06, 2005 @12:17AM (#13487255)
      First, I'm a Korean citizen who uses on-line banking every day.

      Just as the article mentions, 128-bit SSL wasn't an option when the internet-based banking started on 1998, so Korea had to develop their own standards. Since there are more than 10 million SEED-based certificates issued on this country, changing the whole infrastructure into SSL would be crazy.

      Yes, certficates are issued to everybody who needs an on-line banking account, since itself is used as an authentication method. To get a certificate, you have to visit any bank that you have an account, ask them for on-line banking, and they will give you a one-time password for issuing your certificate (valid for one week).

      Everything else is handled on-line. Since the authentication system is a national standard, it works with any bank, any credit card company, and I remember it also works on the stock market. You don't need any offline registration to use it on another bank.

      The certificate is password-protected, just like any other certificate. I believe the certificate is node-locked. If you want to export/import the key, you need the password associated with the key.

      I'm not sure how many of these kind of features are supported by SSL, but even if IE/Firefox/Opera's SSL has more features, I don't think it's a good idea to replace a system that works well. Yes, I hate ActiveX, but I don't want to see 10+ million Korean citizens visit the bank for re-issuing their certificate.
      • by stoev (103408)
        Are there any free open source implementations of SEED? I think a change to SSL should be discussed. I am also in Korea (I work here). In 10 minutes I will extend my SEED key online, which expires soon. I will not go to my bank (which is 50 meters from me). The same method can be used to change all the keys to SSL. No need to visit the bank office.

        My personal opinion is, that the existing e-banking system in Korea is substandard. ActiveX requires admin on XP to install and most banks install 2-3 other activ
      • It is a real pity they didn't go with Opera at that time... Obviously, it was an option.
      • Why every 10+million Korean citizen need a personal certificate to use ebanking in the first place?? There are far simpler and as secure (or even better) methods for e-banking. Example? Look at the methods some Swiss banks like UBS use. The web interface is a simple SSL secured page. Each e-banking user receives a smart-card and a smart-card reader (the size and shape of a small pocket calculator). Now, user should set a password for the smart-card the first time he/she receives it and the hash key will be
  • Xpcom should, really, be available in a standalone tarball, so that it can be built, tested and deployed independently. Does anyone know, whether such a thing exists somewhere?

    Mozilla is quite infamous for bundling everything (and the kitchen sink) into one. Only OpenOffice is worse...

      • Thank you! However, according to the page, it was last updated in 2000 and:

        xpcom standalone differs from the xpcom built with mozilla. Hence cannot be used with the mozilla browser.

        I'd like to be able to build and test a modern xpcom independently, so that various mozilla-based browsers and e-mail programs can be built using it instead of each using its own with its own unique set of bugs...

        Finally, there is no release of XPCOM standalone -- nothing on the FTP site and the download instructions on the p

    • IMHO this was a strong point in Mozilla that is now weakened by Firefox, Thunderbird etc.

      Especially in the way these programs are packaged now, you cannot upgrade them (and Gecko) independently. Configuration management in a business network has also been made even more complicated.

      I like integrated software. Users often like it, too. Especially in the field of open source and non-M$ software, as integration between different programs is often a lot weaker than integration within such a large package.
  • Post office (Score:5, Interesting)

    by DavidBartlett (748559) on Monday September 05, 2005 @11:29PM (#13487046)
    In case you were wondering, most bills are paid at the post office in Korea.
  • XPCOM is cross-platform in the sense that it compiles on different platforms but it's not interoperable between them. Neither does one binary run on many platforms. So why is this necessarily good for Mac or Linux users? This bank would still need to build and distribute whatever it is for them too. Who says they will?

    Secondly unless someone has built a SOAP bridge into Firefox, XPCOM runs strictly in-process. It's quite possible someone has built such a bridge, but XPCOM itself is mostly ignorant.

    So if all

    • The very idea of building a SOAP bridge or an AJAX service to talk to an encryption library is INSANE! Next you kids are going to want to invent a way to use /dev/null via NFS!

      The whole point of using a native ActiveX or XPCOM DLL is so you don't have to send your password over the network unencrypted. So why would you use an unencrypted SOAP network service to encrypt data you didn't want to send over the net? What bank in their right mind would do that?

      The AJAXian alternative would be to implement the

      • Firefox does do activex on Windows - there is a plugin for it. But if you're going to tell people grab a plugin, you may as well refactor your existing control and make it support NPAPI or XPCOM. Then you can port it to Mac / Linux eventually which is something you can't do with ActiveX

        Either way, ActiveX and plugins should be regarded as the final solution. It is possible to talk SOAP over SSL (if need be), or implement something with basic HTML with a bit of JS. Lots of banks do it and both IE and Firefox

  • Why is this an issue? If people don't like the way Internet Explorer works, why don't they release a virus that targets IE, downloads Firefox, patches it so that it looks like IE, and then uninstalls IE.

    That is why Microsoft have made IE so full of holes isn't it?

Those who can, do; those who can't, simulate.

Working...