From what I remember, South Korea has very unusual legal requirements when it comes to online banking. People used to be stuck with Internet Explorer because the required software would only work as ActiveX.

Anyone know how it works these days? Technical documentation maybe?

I found some code online that’s using this. I guess that’s all the technical documentation I’ll get. 😅


I need to start thinking about how to contact Korean security companies about security vulnerabilities in their products. Of course they don’t list any security contact anywhere. In fact, they tend to list only phone numbers. Should I call their Seoul office? 🙄​

At the current count I am going to reserve six CVEs for their product. This is going to be fun…

Make that seven CVEs. I’m done, will polish the proofs of concept and attempt to report this mess then.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.