7
flask
191d

Just started Online Banking at my bank. Checked how much money I have and what I can do on the website.

Afterwards I opened the dev tools and saw that there is a JS warning. So I opened the console and the fucking first thing I see is: Loglevel set to INFO. WHAT THE FUCK?!?

Other things I found out:
API Endpoints are logged here. Two deprecation warnings for a function used. A warning about a deprecated service used.

The log level is now set to WARN. Several more deprecation warnings for the framework from before.

The fuck is this?

Comments
  • 5
    Saving costs with cheap devs, I guess
  • 9
    You're lucky, when I opened the browser devtools on my netbank portal my account got locked, my IP blacklisted and I had to go in personally and talk to a really unfriendly middle-aged customer service lady who was convinced I broke my contract by trying to "reverse-engineer" the portal.
  • 3
    Banking and finance is ridden with a mixture of old age and bureaucracy and the unwillingness of government to adapt to digitalization (hence e.g. laws that make no sense at all) ...

    It's a _miracle_ these things work at all.
  • 0
    Actually, it's your misunderstanding here. Logs of any level are fine in the client, as by definition there are no secrets to access (unless there is poor implementation of the APIs, in which case you have a bigger problem altogether).

    Admittedly it's not very polished for a site to have many logs, but go look at the console logs on Facebook or other sites. Lots of sites either issue warnings or otherwise other logs (sometimes even fun easter eggs!) to the console.
  • 1
    @fullstackchris Logging which deprecated frameworks you're using with the name and version number is a security consideration.

    In my opinion it's also not necessary and rather unprofessional to log several JS objects containing API endpoints, menu items and other stuff, though that was not the stuff bugging me out.
  • 2
    @lbfalvy imagine if they had put as many resources into real security as they did into detecting if dev tools was opened
  • 0
    @lbfalvy

    How can a website detect that you opened dev tools?

    I thought the server does not know anything you do client side.
  • 0
    @mr-user A window suddenly getting smaller, probably.
  • 1
    @mr-user probably by listening to an F12 keypress
  • 0
    @mr-user Keyboard events, window size changes, script timing.
  • 0
    Stuff gets deprecated so quickly, can you really blame them?
  • 0
    @d4ng3r0u5 If my web app is using deprecated tools I'd rather not have everyone know about it.