Posted by Virus Bulletin on Oct 24, 2006
Report names and shames insecure banking sites - again.
A report from heise Security, following up on a previous study released a month ago, claims several UK banks are still using insecure login methods despite warnings issued in the earlier report.
While some of the sites tested in the original survey have improved, several, including Cahoot, the Bank of Scotland and First Direct, were still vulnerable to the same frame-spoofing attacks. First Direct announced updates were due shortly before publication of the new report, and a demo attack on First Direct included in the story no longer works.
Of nine banks tested for the first report, only three, Barclays, HSBC and the Halifax, were found to be safe against all tests. The vulnerablities leave the banks' customers at risk from phishing attacks using faked login screens.
See the new heise Security report here. The original test results are here.
Posted on 24 October 2006 by Virus Bulletin
