devitry.com

Tech in the country. Programming & Technology innovations.

Saturday, May 30, 2009

Fresh Cross Site Scripting (XSS) vulnerabilities

I've updated my Banking security page with some new details on current security vulnerabilities and dumb security mistakes that top banking sites make. Included in this list is a 3-year-old session bug in HSBC and XSS bugs in ING Direct and US Bank. It's really hard to believe that sites that must spend millions on security don't handle some of the most basic (and old) online security bugs.


Friday, April 27, 2007

Continued Security Problems with HSBC online banking

While HSBCDirect will offer you a great rate for an online savings account, I cannot recommend them. Over 6 months ago I noticed a serious security problem with their online banking site. I notified them immediately, and I received a response that they'd look into the problem. While they quickly attempted a Band-Aid(tm) fix for the problem, they have not fixed it to my satisfaction. It also should not be satisfactory to their security team. It may be that they are just incapable of fixing the problem. At this point I don't know what else I can do besides steering people away from their site. More banking security holes here. (Disclosure: I used to work on several online banking sites, including HSBConline, but not on this portion of the site.)
