devitry.com

Tech in the country. Programming & Technology innovations.

Saturday, May 30, 2009

Fresh Cross Site Scripting (XSS) vulnerabilities

I've updated my Banking security page with some new details on current security vulnerabilities and dumb security mistakes that top banking sites make. Included in this list is a 3-year-old session bug in HSBC and XSS bugs in ING Direct and US Bank. It's really hard to believe that sites that must spend millions on security don't handle some of the most basic (and old) online security bugs.


Friday, April 27, 2007

Continued Security Problems with HSBC online banking

While HSBCDirect will offer you a great rate for an online savings account, I cannot recommend them. Over 6 months ago I noticed a serious security problem with their online banking site. I notified them immediately, and I received a response that they'd look into the problem. While they quickly attempted a Band-Aid(tm) fix for the problem, they have not fixed it to my satisfaction. It also should not be satisfactory to their security team. It may be that they are just incapable of fixing the problem. At this point I don't know what else I can do besides steering people away from their site. More banking security holes here. (Disclosure: I used to work on several online banking sites, including HSBConline, but not on this portion of the site)


Thursday, April 26, 2007

Coffee and Cash at Gold Cafe

I'm typing and posting this message from a bank, and a coffee shop. This strangeness is brought to me by Gold Cafe, an integrated coffee shop and bank. It's more of a coffee shop where they try to sell you banking products, or a bank where they try to sell you coffee. They have weird video tele tellers that look like ATM machines, but act more like a drive-up bank, but on foot. Well, at least they have free wifi.
