Banking with Facebook - Probably not the best idea ever
Thursday, December 10, 2009 at 11:13PM
Mike Bailey at Skeptikal.org wrote up last week about a new Facebook app called MyMoney. MyMoney is an application that according to its creators allows you to:
Manage your finances right from your Facebook profile, simply and securely! MyMoney is an online home banking application that interacts with a variety of financial institutions, so you can view your account balances, transfer money between accounts, review histories, and much more.
Sounds kind of cool? Hold your horses. In a post dripping with sarcasm (letting you know in case your detector is a bit off) he says:
I know you're thinking this is a bad idea, and are concerned about MyMoney's security. Don't worry, I checked it out. They have "multiple layers of security protecting...data and accounts." The application iframes you into their site (hosted on https://mm.galaxyplus.com). If you forget the URL, they left zone transfers enabled for you, so you can just select from a list of galaxyplus.com subdomains. The iframe's URL has a parameter called "fb_sig_user." If you manipulate this parameter, you get to see the contents of all your friends' accounts (presumably so you can borrow money without all that awkward asking). The only thing I don't like about this application is that they left error reporting on. I don't like seeing those ugly ASP stack traces every time I use an HTML tag as a form parameter. Lol!
Note to readers: online banking should be done in a virtual machine if at all possible, and that is all that you should do with VM, nothing else. If that is too much of a hassle, at least download and install a browser like Firefox or Chrome and use that browser exclusively for your banking.
If you'd like to read the entire (hilarious) post, click here.
