Slashdot Mirror


Korea Post Office Supports XPCOM Based E-Banking

Channy writes "Mozillazine is reporting that the Korean Post Office has decided to support Mozilla Firefox for internet banking and has started the development project of an XPCOM based internet banking system. From the article: 'In past there were no web browsers for 128 bit encryption except Opera 3.5 for international users when Korea started internet banking services in 1998.'"


  1. SEED? by erikharrison · · Score: 4, Informative

    The article is a little ambiguous - this seems to be only for SEED, a Korean only strong encryption algorithm, which itself isn't native to browsers, which is why they required activex in the first place.

    1. Re:SEED? by Channy · · Score: 5, Informative

      In the past, there was no 128-bit browser for international users. But 40-bit is very weak for financial services. So Korea chose plugin-based internet banking and made its own 128-bit algorithm called SEED. At first, both NSPlugin and ActiveX were supported. After the browser war, Netscape had no market share, so most banks stopped NSPlugin. The SEED goes to world standard. http://www.ietf.org/html.charters/smime-charter.html http://www.ietf.org/internet-drafts/draft-ietf-smime-cms-seed-02.txt

  2. Re:Not quite following... by Wizarth · · Score: 3, Informative

    I'd say it's because they have all their SEED technology in place, and don't want to replace that. Especially since it currently works. Producing a XPCOM based plug-in for Mozilla based browsers lets them connect to SEED encrypted connections, without replacing infrastructure.

  3. Re:which korea? by natrius · · Score: 3, Informative

    You're completely mistaken if you think that North and South Korea would want anything to do with each other. Here's a hint: there's troops on each side of the border between them.

    "It's time for us to put an end to history of dissension, and open an era of national integration. This also means laying the grounds to surmount division, and to ring in a reunified era ruled by peace and prosperity."
    - South Korean President Roh Moo-hyun

    Sure, there's some tension there, but I think saying that they want nothing to do with each other is a bit much. That'd be a better characterization for Pakistan and India, where some of the people actually dislike each other. I don't think the North and South Korean people actually dislike each other, but one group just happens to be ruled by a crazy dictator.

  4. Re:What's the point of the encryption? by Anonymous Coward · · Score: 2, Informative

    Surely you jest. Ever heard of rootkits, buffer overflow exploits and the like?

    I work in the IT department at a major university. Our servers are probed relentlessly. If we don't stay up on the patches, we will get 0wn3d rather quickly.

    I can't tell you how many times some boneheaded student who thinks he is the alpha geek comes to school with his Gentoo or Fedora box, plugs it into his dorm room's ethernet jack, and then proceeds to get owned because he doesn't know jack about securing his box. Within a rather short period of time, these boxes are relaying spam (we block outgoing port 25 now) or have become a zombie host for some script kiddie's botnet on IRC.

    Windows is definitely a problem too, I certainly don't want to gloss over that, but you said non-MS doesn't get viruses.

  5. This explains it nicely by Anonymous Coward · · Score: 2, Informative
  6. Re:Is there a STANDALONE xpcom release? by strcmp · · Score: 4, Informative
    --
    "Yields falsehood when preceded by its own quotation" yields falsehood when preceded by its own quotation.
  7. Re:Not quite following... by ihavnoid · · Score: 5, Informative

    First, I'm a Korean citizen who uses on-line banking every day.

    Just as the article mentions, 128-bit SSL wasn't an option when internet-based banking started in 1998, so Korea had to develop their own standards. Since there are more than 10 million SEED-based certificates issued in this country, changing the whole infrastructure into SSL would be crazy.

    Yes, certificates are issued to everybody who needs an on-line banking account, since the certificate itself is used as an authentication method. To get a certificate, you have to visit any bank where you have an account, ask them for on-line banking, and they will give you a one-time password for issuing your certificate (valid for one week).

    Everything else is handled on-line. Since the authentication system is a national standard, it works with any bank, any credit card company, and I remember it also works on the stock market. You don't need any offline registration to use it on another bank.

    The certificate is password-protected, just like any other certificate. I believe the certificate is node-locked. If you want to export/import the key, you need the password associated with the key.

    I'm not sure how many of these kinds of features are supported by SSL, but even if IE/Firefox/Opera's SSL has more features, I don't think it's a good idea to replace a system that works well. Yes, I hate ActiveX, but I don't want to see 10+ million Korean citizens visit the bank for re-issuing their certificate.

  8. Misinformation about ActiveX/DCOM by SimHacker · · Score: 2, Informative
    Thanks for trying out, but you can't be a cheerleader if you don't do your homework.

    The ActiveX Specification is freely available for anyone to implement. In case you didn't know, XPCOM is just an open source knock-off of ActiveX, with enough gratuitous changes to make them incompatible in practice. But essentially, they're the same thing.

    XPCOM is no more secure than ActiveX. They both have total access to your computer. It's irresponsible of you to spread the misinformation that XPCOM is more secure than ActiveX, when it's not. It doesn't help anyone to have a false sense of security based on well meaning hype and uninformed cheerleading.

    You're right that both ActiveX and XPCOM are more functional than AJAX (for some definition of the word "functional" -- in the sense that it has more client side functionality).

    Perhaps Firefox should include support for ActiveX? There's nothing stopping them, really. So then it wouldn't have been necessary to write a special XPCOM control, since they could have used their original ActiveX control.

    Oh yeah, I forgot, it's more important for Firefox to make a rhetorical point by excluding ActiveX support, than to serve the needs of its users. That's called cutting off your nose to spite your face.

    -Don

    --
    Take a look and feel free: http://www.PieMenu.com
    1. Re:Misinformation about ActiveX/DCOM by SimHacker · · Score: 2, Informative
      You're wrong, and you've completely missed the point of ActiveX and XPCOM.

      They are both systems for defining interfaces that hide the way you implement services. ActiveX says nothing about which API you use to implement the interfaces with. The whole point of ActiveX and XPCOM is to separate interface from implementation.

      ActiveX runs on MacOS, OS/X, Linux, Unix, without any Win32 api dependencies, and on Windows, where you can develop ActiveX controls with or without Win32 and MFC dependencies.

      I don't understand your argument about "making use of the windows api in linux is about as good as using POSIX on windows". Haven't you ever heard of cygwin? That's pretty good, and I use it all the time.

      I also don't understand your argument about "To add activeX to gecko's windows codebase would just spilt the userbase".

      You sound like those Loki apologists who argue that Wine is evil because it discourages people from developing games for Linux. If it solves some people's problems, then what's your beef with it?

      -Don

      --
      Take a look and feel free: http://www.PieMenu.com
  9. Re:128 bit encryption in AJAX?! Mod parents way do by SimHacker · · Score: 2, Informative
    In case you haven't been paying attention, the whole point of this plug-in is to work around the problem that 128 bit encryption is NOT provided via SSL.

    Please read (and understand) the article before posting, next time.

    By the way, AJAX is not the solution to every problem.

    -Don

    --
    Take a look and feel free: http://www.PieMenu.com