Channel Register

Comments on: HSBC scripting flaws play into the hands of phishers

HSBC / First Direct - Clueless muppets. 

Posted Wednesday 25th June 2008 10:43 GMT

Gates Horns

I contacted them the other week with regards to EVV Certificates, and the fact that First Direct seemed to be failing (according to Opera's strict EVV implementation). They had no idea what EVV was, let alone cross site scripting that was breaking the site.

I would move banks, but experience says that they are all pretty much clueless when it comes to security..

Cutting to the Chase and Chastened..... 

Posted Wednesday 25th June 2008 11:11 GMT

Alien

A Right Royal Cock Up in other Words?

And a Question for Modesty's Sake/Stake.

cc ... HMGCC re Cinderella ProgramMIng.

And just so atypical of Python Psyche to Fail Delivery with False Modesty.

There's Work to be Done, Empire States 42 Build.

Two months? What a bunch of optimists 

Posted Wednesday 25th June 2008 11:37 GMT

Paris Hilton

Two months is a rather optimistic estimate for HSBC security process.

Their Verified by Visa marketing gimmick was storing state in clients in a way where you could skip all verification steps with Konqueror. I tried to explain this to them and they simply did not care. So I gave up and registered with Mozilla. This was more than a year ago and last time I had a look at it the bug was still there.

Paris, as the symbol of their (and not only their) UK banking coding quality and security.

Muppets 

Posted Wednesday 25th June 2008 11:50 GMT

Unhappy

The UK site is still open to SQL injection attack. They also took 6 months to add a major city's branch details back to their search results, long after I had told them about the problem a total of 6 times by various means.

Global Bank + global workforce = ... 

Posted Wednesday 25th June 2008 12:11 GMT

Gates Horns

Clueless-ness on a global level.

This is what happens when you have teams of people who don't know more than the basics and are used to thinking of security as an afterthought.

Want someone to blame? Blame Microsoft. Yeah Microsoft. Not because they use Microsoft's products but because Microsoft was the first major software company whose mantra was "Rush to be first to market, then clean up the mess later."

@Mark 

Posted Wednesday 25th June 2008 12:26 GMT

Boffin

Yep, I think they are all about as bad as each other. Nat West/RBS assured me that if my browser passed their user agent verification then they were prepared to *guarantee* that my system was secure and they were extremely confident in this security system.

Co-op too? 

Posted Wednesday 25th June 2008 12:39 GMT

Pirate

Been getting a lot of phish-bait in the spamtrap which claims to be Co-op related recently.

Screw It 

Posted Wednesday 25th June 2008 20:30 GMT

You know, all this Internet banking stuff is total crap. The world worked just fine (some would argue better) before everyone expected instant responses. The crap coding coming out of so many professionals these days, combined with the dishonest attitudes of so many people, completely takes away any advantage the online world offers. Except of course to get online and comment on various websites for no gain.

Back to cash and barter.

First Direct 

Posted Thursday 26th June 2008 07:35 GMT

I'm with them, but since I know how secure Internet banking is I always pick up the phone - hard-line, not VOIP. They are there 24/7 and I would rather talk than type.

Not quite face to face, but it's on my terms and not some 'closed by 3:30' local-ish sales office (that'd be Lloyds-TSB mostly; don't know why my wife puts up with their 'annual review' insults).