As pointed out by Heise Security last Friday a number of major UK banks run web sites that allow criminals to exploit the sites, e.g. for phishing purposes. Two of the exposed sites have been improved over the week-end.
As reported in this column, last Friday Heise Security released a demo which showed that the web sites of a number of large UK financial institutions lend themselves to use by criminal phishing attacks by allowing frame spoofing and cross scripting attacks.
Over the week-end NatWest and UBS have improved their sites (though the UBS site is still exploitable), thus increasing the security of their users. Consequently, Heise have updated their information - see link below.
Related links: (Open in a new window.)
chi-publishing.com/index.php?newsID=1167
www.heise-security.co.uk/articles/76590/0
www.heise-security.co.uk/
Taken from Information Security Bulletin.