Report names and shames insecure banking sites – again.
A report from
heise Security
, following up on a previous study released a month ago, claims several UK banks are still using insecure login methods despite warnings issued in the earlier report.
While some of the sites tested in the original survey have improved, several, including
Cahoot
, the
Bank of Scotland
and
First Direct
, were still vulnerable to the same frame-spoofing attacks.
First Direct
announced updates were due shortly before publication of the new report, and a demo attack on
First Direct
included in the story no longer works.
Of nine banks tested for the first report, only three,
Barclays
,
HSBC
and the
Halifax
, were found to be safe against all tests. The vulnerablities leave the banks’ customers at risk from phishing attacks using faked login screens.
See the new
heise Security
report
here
. The original test results are
here
.
Posted on 24 October 2006 by
Virus Bulletin
Leave a Reply