Korea went deeply down the "custom security" rabbithole too, and many banks there still rely on activeX controls and custom encryption algorithms and other insane bullshit that actively impairs security. It seems to be a regional thing (or at least a developing-country thing).
This is not unheard-of in the enterprise world in the US either. To name-and-shame, Allscripts Enterprise EHR system still uses active-x controls and is still actively deployed in hospital systems.
The typical deployment will be a sandboxed VDI installation that isn't allowed to directly talk to anything except its EHR server and has to be connected via citrix or similar. It is still insane, of course, but the medical world is another one that moves slow. Probably some stuff in the financial sector too, they like that shit too.
I spent two years modernizing one of these IE only apps (moved to chrome/firefox). Sometimes the offending activex control is simply a xml component (literally parsing, xsl, xpath, etc stuff) of a newer version than what was built in at one time. Firefox and Chrome don't handle xml nearly as seamlessly as old IE did. But other times these apps require IE11, but it's actually executing the page in IE6 or 7 compatibility mode. That was the case with mine, Microsoft DHTML Behaviors, the horror, the horror....
I know it's just... weird. SK embarked on a path of rapid industrialization by handing a massive amount of power to corporate conglomerates (chaebols). They're like a developing nation in that respect... they just happen to be a developing nation that is on the forefront of certain high-tech industries. Samsung, LG, Hyundai, and the other chaebols utterly run the political sphere in a sense that is obscene even by western standards.
The president being jailed a couple years ago for being a chaebol pawn is kind of indicative of the whole thing, and nothing has really changed.
On the other hand maybe that's the shadowrun future in store for us all. ;)
https://palant.info/2023/01/02/south-koreas-online-security-... HN discussion: https://news.ycombinator.com/item?id=34231364
https://www.forbes.com/sites/elaineramirez/2016/11/30/south-...
This is not unheard-of in the enterprise world in the US either. To name-and-shame, Allscripts Enterprise EHR system still uses active-x controls and is still actively deployed in hospital systems.
The typical deployment will be a sandboxed VDI installation that isn't allowed to directly talk to anything except its EHR server and has to be connected via citrix or similar. It is still insane, of course, but the medical world is another one that moves slow. Probably some stuff in the financial sector too, they like that shit too.