Forgot your password?
typodupeerror
Internet Explorer Encryption Security

Why Internet Explorer Still Dominates South Korea. 218

Posted by timothy
from the stuck-in-a-rut dept.
New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all AtivceX control prompts, potentially exposing them to malware."
This discussion has been archived. No new comments can be posted.

Why Internet Explorer Still Dominates South Korea.

Comments Filter:
  • Timmay! (Score:5, Insightful)

    by Anonymous Coward on Tuesday November 05, 2013 @10:30AM (#45335355)

    AtivceX? Go, Timmay! You're a kickass editor!

  • Macs? Linux? (Score:5, Interesting)

    by MightyYar (622222) on Tuesday November 05, 2013 @10:31AM (#45335363)

    From TFA:

    But those with Apple computers — for which IE isn’t available — have it harder. Some go to Internet cafes. Some rely on their office desktops. Some dash into hotel business centers. Some hold on to their old computers and boot them up when it’s time to make purchases. Still others depend on a secret weapon called Boot Camp, a software program that allows a Mac to run Windows.

    Holy crap!

    • Re:Macs? Linux? (Score:5, Insightful)

      by Anonymous Coward on Tuesday November 05, 2013 @11:13AM (#45335725)

      Macs and Linux? Those *are* a tiny minority, especially Linux. Your main problem is: the *extremely* common Android doesn't support ActiveX, neither do common iOS devices, the Metro version of IE (Windows is very common too obviously) and the only version of IE for WinRT/Phone/Mobile/CE don't support it as well (although very uncommon). Oh, and not the x64 version of desktop IE. It also doesn't work in very common web browsers like Firefox, Chrome and Safari (anything besides IE). And it won't work on anything that doesn't have a x86 CPU. Relying on ActiveX in 2013 is insane.

      • On tablets and smartphones, South Koreans donâ(TM)t need any particular browser for purchases â" but they do need to download special security apps that meet government standards.

        There's some kind of non-ActiveX solution for mobile devices. Who knows what the actual support list actually looks like, though...still, it means that some things without X86 and Windows will work.

    • by he-sk (103163)

      No virtual machines in South Korea?

  • by rebelwarlock (1319465) on Tuesday November 05, 2013 @10:34AM (#45335383)
    Banks here make you login to your online account by using a card reader with your ATM card. And of course, that requires an ActiveX control. The Cathay Bank site itself looks like it hasn't changed design since 1996.
    • by jonbryce (703250)

      Some banks in the UK do that as well, but it requires you to type an 8 digit number from the card reader into a text box on the website.

      • Some banks in the UK do that as well, but it requires you to type an 8 digit number from the card reader into a text box on the website.

        But at least these are completely separate from the computer (don't require ActiveX or anything) and they're standardised too so you can use the card reader from one bank, with a completely different bank.

    • by h4rr4r (612664)

      So how does mobile banking work?
      Android nor iOS support that.

      • They do if the bank releases an app for it. Though obviously that sidesteps the whole ActiveX issue entirely.
    • by locopuyo (1433631)
      I like the ones that yell out "PLEASE ENTER YOUR SECRET NUMBER" at extreme volumes to the entire building.
    • by Krojack (575051)

      That sounds even more insecure. Some malware that copies the read contents of the card and sends it off to some database. A different type of card skimming.

    • by Darinbob (1142669)

      Hmm, reminds me that I haven't logged into my banking account in a year. I just don't see the point of it, except when I can't find some paperwork for taxes.

  • by tepples (727027) <{tepples} {at} {gmail.com}> on Tuesday November 05, 2013 @10:34AM (#45335391) Homepage Journal
    Why hasn't the SEED cipher (RFC 4269) been reimplemented in Flash, Java, JavaScript, native code using an NPAPI plug-in (Netscape's counterpart to ActiveX, now used by Firefox), or native code using a PPAPI plug-in (Chrome's counterpart to ActiveX)? Without any chance of support for ActiveX on mobile phones or ARM-powered tablets, I'd guess it'd have to be.
    • by Anonymous Coward on Tuesday November 05, 2013 @10:58AM (#45335583)

      Well, according to the Wikipedia article linked in the summary, it is is supported in NSS, and hence in Firefox (since version 3.5.4).

      As for whether or not there is something else required as well as the cipher itself, dunno.

    • I'd be inclined to wonder if the issue isn't the cypher itself; but maldesigned websites that won't talk to anything except IE with the expected ActiveX plugin... Unless it is unbelievably arcane, or proprietary and legally encumbered, hacking out at least a bad implementation shouldn't be a particularly gargantuan task. You wouldn't necessarily want to trust an enthusiastic-novice interpretation of anything crypto related; but if you just want 'implements the protocol, doesn't scream horribly' rather than
  • ActiveX controls (Score:5, Informative)

    by noobermin (1950642) on Tuesday November 05, 2013 @10:35AM (#45335393) Journal

    I know too much about this. I'm a Korea-phile, so last year I applied to a graduate school in South Korea and they required me to download like 2 or so add-ons to IE to even complete the online application.

    • Is there an IE for non-Microsoft phones? Or do they just not buy anything from their phones/tablets?

      • Is there an IE for non-Microsoft phones? Or do they just not buy anything from their phones/tablets?

        Even if there were, it probably wouldn't help. 'ActiveX', in practice, is really woven more into Windows(and x86 Windows specifically, especially for the ActiveX controls that are basically just a dangerously easy way of executing native win32 code) than it is into IE, IE is just the transmission vector where you run into it.

        IE for Mac never supported it in any meaningful way, and even Windows Phone and WinRT either don't support it at all, or support only the architecture agnostic bits, which precludes

      • FTFA:

        On tablets and smartphones, South Koreans donâ(TM)t need any particular browser for purchases â" but they do need to download special security apps that meet government standards.

        Also, from Wikipedia [wikipedia.org]:

        As of late 2009, the NSS software security library in Mozilla's Gecko platform has implemented support for SEED and Mozilla Firefox as of 3.5.4 supports SEED.

        So, who knows exactly which mobile devices has the "special security apps", but people have been able to use Firefox for a few years (assuming the sites don't have hardcoded lists of user-agent IDs or something).

      • by Blakey Rat (99501)

        Even Windows Phone 7 and 8 won't run ActiveX. It's been deprecated by Microsoft for years, and I believe it'll be canned completely when IE7 runs out of support.

        Which means either Korea or Microsoft is going to have to do a lot of work in a little time.

    • by danomac (1032160)

      Dang, here I thought their internet connections were so fast that it didn't matter if you had a slow browser.

  • by Anonymous Coward

    So IE 11 isn't a "modern browser"?

  • by TWX (665546) on Tuesday November 05, 2013 @10:38AM (#45335409)
    I've seen similar issues all over the place, someone designs some proprietary-yet-essential service to use a proprietary plugin or other technology that's very platform and version specific. One just ends up using two web browsers, the old one that's required in order to make the stupid proprietary thing work, and the new one for one's normal browsing. It SUCKS from a support perspective as both browsers fight to be default, and users can't keep track of what pages load with what browser, etc, and that's not even beginning to address the security problems.
    • It doesn't help you if the antique browser insists on getting grabby; but situations like that usually make me resort to 'encapsulating' the oh-so-necessary-whatever-it-is behind a wrapper script that summons it in the antique browser (with as many features that might induce the user to navigate to another page, navigation bar, etc. as possible hidden or restricted) and hiding every other sign of the older browser's existence.

      If that isn't good enough, we keep a stash of assorted antique VMs in the freez
  • WTF? (Score:5, Funny)

    by yeshuawatso (1774190) on Tuesday November 05, 2013 @10:38AM (#45335411) Journal

    Even Microsoft is looking at SK and saying: "WTF? We don't even use ActiveX anymore."

    • Re:WTF? (Score:5, Funny)

      by simonbp (412489) on Tuesday November 05, 2013 @11:06AM (#45335665) Homepage

      Don't get on too high of a horse; Microsoft is also looking at Netflix and saying "WTF? Even we don't use Silverlight anymore."

  • I can relate... (Score:4, Informative)

    by Creepy (93888) on Tuesday November 05, 2013 @10:47AM (#45335511) Journal

    My work's HR system requires an ActiveX control with our smart card system. To make things worse, this system barely supports IE7 (apparently IE8 in compatibility mode works, as well, but IE9+ absolutely does not) and they only upgraded it to support 7 because Microsoft stopped supporting IE6. I actually created a VM explicitly so I can log into the HR system (because I HAVE to have IE9 or higher for my other work, since I work in html 5 and need to test on most major browsers). My ops group thought it was odd that I requested key card software installed on a VM, but when I explained my situation they did it (in fact, they set up a lab machine specifically for others with similar circumstances).

    Incidentally, nobody really uses IE except for the HR system, and everybody has an old version also because of the HR system. I believe the HR issue is money related and more related to SAP upgrade costs than key card (and I believe we paid SAP to integrate our key card access).

    • IE incompatibilities is the only reason we use XP Mode on any of our work PCs - some websites require 6, some requires 8 or newer. For us, it's mostly healthcare/insurance companies that we have to interface with that have the strictest (worst) compatibility requirements.

      • by mlts (1038732) *

        I wonder about using XenDesktop for a solution for something like that. That way, there is one VM with Windows Server 2003 or XP, and it isn't taking up space and resources on everyone's desktop.

        I've dealt with companies that even now, still require IE6, and actually use JScript hacks to check if a browser is masquerading. Those, I just fire up an XP VM, use that to browse the web, then when done, shut the VM down, drop the redo log. In fact, the VM is stored on one volume read-only and changes are store

    • I believe the HR issue is money related and more related to SAP upgrade costs than key card (and I believe we paid SAP to integrate our key card access).

      Aha! So that's why Elon builds his own IT [slashdot.org] backend system!

    • My work's HR system requires an ActiveX control with our smart card system.

      I think our university uses that same damn system. There's been a few instances when the doors wouldn't work because the the card controller got infected with some virus.

  • by unapersson (38207) on Tuesday November 05, 2013 @10:58AM (#45335579) Homepage

    It's like a microcosm of what might have happened worldwide had ActiveX been as popular as they'd wanted to be.

  • by no-body (127863)
    In Switzerland - IE dominates, reasons unknown 2 me...
  • than the green dam project... ;) and far cheaper too.
  • You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead...

    Disingenuous. Just because you don't like it, doesn't mean you can seriously consider IE not to be a modern browser.

  • What the fucking fuck? You can run 3D game engines [unrealengine.com] completely in JavaScript, yet those bozos couldn't be bothered just to emscripten their fucking encryption code to let it run in the browser without using MS-specific technology? Sigh.

    • by freeze128 (544774) on Tuesday November 05, 2013 @11:36AM (#45335993)
      A noble spirit emscriptens the smallest man.
    • by tepples (727027)

      You can run 3D game engines completely in JavaScript

      Unless the installed browser blocks WebGL due to "unresolved driver issues" (such as Firefox on Ubuntu on an Atom N450 according to about:support). Or unless the installed browser doesn't implement WebGL at all (such as IE on XP or Vista, or Safari and Safari wrappers on iOS).

  • by agressiv (145582) on Tuesday November 05, 2013 @11:32AM (#45335945)

    As someone who did IT work in South Korea this year for couple of weeks, I never felt so defeated trying to upgrade 15 computers from XP to Windows 7. We basically had to give everyone admin rights just for them to do their job. Bank sites that had 11 (!) ActiveX plugins with 3-factor security (password, token, plus USB key with a cert) just for them to log in - and they routinely "update" their controls, which of course, require Admin rights.

    The branch manager didn't understand at first why we were having so much difficulty. I had to explain to him that if we adhered by our security standards, we'd have to close the branch because there wasn't a single operation they did which would otherwise be allowed.

  • I'd read about this before ... last year, I think. It's not exactly news.

    Having had to do some normal things in IE8 this week, I'm reminded that if I were forced to use that browser I'd probably spend a lot less time on the Internet (maybe that would be a good way to kick the addiction?) I find IE to be a stunningly unusable piece of software, that perfect nexus of slow, not helpful, and capable of choking on a website like a box of dicks.

  • M$ has made most of its profits from gov't contracts and users who don't know to expect better from a computing experience.

    I taught ESL in South Korea in 2001/2002...it was right after 9/11 and during the World Cup. The country was burgeoning as a bankable international business player...competiting with **Japan** with companies like Samsung...no coincidence that they co-hosted with Japan that year ;)

    Korea was **all about it**...they wanted the best of what was available...to them, the USA was the best at computer tech...so obviously they went with the most *popular* Operating System, and they **made sure** to buy **ALL** the expansion packs and do exactly as M$ suggested...

    Which means they've been on a never-ending nightmare Mobeius strip of a ride to user hell.....that, b/c of their trusting nature has painted them into an IT Engineering corner...which was M$ plan all along!

    • by dave420 (699308) on Tuesday November 05, 2013 @12:49PM (#45336653)

      I was beginning to doubt your post, but your repeated use of "M$" instead of "MS" shows you are both erudite and a wonderful writer: a combination sorely lacking elsewhere in this discussion.

      Hint: grow up.

      • by spitzak (4019)

        Trying over and over and over to tell people they are "childish" just makes you look childish. If it's "childish" then it will stand on it's own that way. People like you posting this sort of knee-jerk response every single time somebody says M$ just looks like desperation.

        In addition "MS" is no more valid of an abbreviation than "M$". The only proper abbreviation is "MSFT" as that is the stock symbol. Otherwise Microsoft wants the name spelled out. "MS" is the stock symbol for Morgan Stanley, and the abbre

  • by iONiUM (530420) on Tuesday November 05, 2013 @12:00PM (#45336249) Homepage Journal

    The summary is slightly miss-leading. There isn't 1 standard for ActiveX control, every single goddamn site uses their one ActiveX or Java applet, and you have to install it. I have never seen a more backwards methodology than what Korea has for online purchasing.

    The strange thing is, if you use a phone, things are much simpler (generally there is an app). In addition, because of Naver's dominance in the country, almost all sites are integrated with it, and at least offer ways of finding information through it (but not purchasing).

    • by CCarrot (1562079)

      The summary is slightly miss-leading.

      And where is it leading this hapless miss? To a handy haystack, perhaps? :o)

  • users are in the habit of approving all AtivceX control prompts

    Sure! What could possibly go wrong!?

    Now, where did I put the remote for my genuine Sorny television again...ah, here we go, right beside the Magnetbox stereo!

Administration: An ingenious abstraction in politics, designed to receive the kicks and cuffs due to the premier or president. -- Ambrose Bierce

Working...