• Barclays Online Banking gives 3rd Parties access to login pages

    Banks aren't exactly known for living on the bleeding edge - even where good security practice moves on, they tend to be years behind. For better or worse, they lean toward preferring stability and consistency over chasing the latest and greatest.

    However, this issue doesn't really fall under that traditional niche of "well, banks will be banks".

    Barclays Bank (and others) are giving 3rd party scripts access to their Internet Banking login pages - the result is that a compromise or mistake at their supplier could compromise their customers' login credentials.

    I highlighted this issue a few months back, and Barclays replied with "deliberate, not an issue" (paraphrasing a bit there), so I'm now getting around to writing it up.

• The State of Mobile Banking (in the UK)

    News recently broke that Tesco Bank's Android App refuses to run when Tor is also installed on the handset, presumably in the name of security.

    So, out of morbid curiosity, I thought I'd take a quick look at just how effectively various banking apps were secured. Banks, after all, should be at the forefront of security (even if they often aren't).

    To start with a disclaimer - personally, I think using banking services on any mobile device is a bad idea from the outset, and some of the results definitely support that idea. I've only taken a cursory look, and not made any attempt to disassemble any of the apps.