Want to watch HSBC's security awareness videos? You'd best have Flash installed...

Umm.. how is this a good idea?

Want to watch HSBC's security videos? You'd best have Flash installed...

Most of us know that you're safer not having Adobe Flash on your computer.

There have been too many vulnerabilities, that have been exploited too many times, in too many attacks.

Everyone knows Adobe Flash is a menace. Heck, even porn sites are giving up on it.

So I was disappointed to be sent this link to a page entitled "HSBC Safeguard" on the HSBC website.

HSBC site

Financial crime can affect anyone and everyone. Your support will go a long way to helping us make banking safer. Watch the video below to learn more about how HSBC is dealing with financial crime.

To protect customers and HSBC from financial crime, we need to ensure that your information is accurate, up to date, and complete. Watch the video below to understand what type of documents you might be requested to submit

But take a closer look at that screenshot.

Flash sorry

Oh dear.

If porn sites can stop relying on Flash to stream their saucy movies, can't banks like HSBC perhaps find a better way of sharing their security awareness videos? Most modern browsers, for instance, will have no trouble at all watching videos on YouTube using the HTML5 video standard if your company doesn't think they're suitable for... I don't know... PornHub.

The simple truth is this. If you don't give your customers a different way to consume your content, they're going to feel forced to (shudder...) install and enable Adobe Flash in their browser.

And that's just not good at all for security.

PS. HSBC aren't the only offenders, of course. Last month it was discovered that you could save $5 with FedEx... if you enabled Adobe Flash in your browser.

Hat-tip: Thanks to Malcom Vernon for sending me a tip about HSBC's website.

Tags: , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, ,

4 Responses

  1. Alexandria Subica

    April 21, 2017 at 6:54 pm #

    What company would you advise for me to protect my desktop from malware, etc.? I've been using AVG, but I would like your input on the matter. Thank you.

    • Karl in reply to Alexandria Subica.

      April 22, 2017 at 6:10 pm #

      If Windows, then nothing. Use the built-in Windows defender.
      YOU have to protect yourself. Do not click on unsolicited links, download unknown tools/programs, etc.

    • David L in reply to Alexandria Subica.

      April 24, 2017 at 10:07 pm #

      You should read some reviews on the various vendors and what they offer to see what fits your needs. Personally, I like : https://www.malwarebytes.com/ products, which offers a free, & ad free Android app.

      And : https://www.avast.com/en-us/android products. Also has free offers for home and Android, but ad supported, which is not too annoying. AVG is owned by Avast now, bought out last year, but also a good product. Here are reviews of all the top vendors:
      https://www.av-test.org/en/ And :
      https://www.av-comparatives.org/

      And a very good site for staying safe online can be found here:
      https://www.gcflearnfree.org/internetsafety/

      Keeping all your software up to date is very critical, but I usually make copies of my apps before I update, Incase of bugs I can revert back to a previous version I know worked just fine. I only do this about every third time, and for apps I use everyday. As far as using the native "Defenders" protection on Windows 10, there are lots of articles online for using only that, and or adding another AV product.

  2. Karl

    April 22, 2017 at 6:09 pm #

    I love the irony of this.
    Thanks for sharing.

Leave a Reply