F-Secure, Veikkaus, POP Vakuutus Scammed By SC5.io

Just weeks after SC5, a company based in Finland, launched its HTML5 technology and sold it to Veikkaus, POP Vakuutus and F-Secure Personal Cloud Service, big HTML5 loopholes that are easy to exploit have been sited on the frontend of Veikkaus and POP Vakuutus sites by users.

Two users have also reported being able to execute unwanted code on the F-Secure site through their browser facilitated by the cross site scripting vulnerability associated with HTML5. All these vulnerabilities are unique to a programmer called name removed by moderator.

There are several other vulnerabilities reported by companies whose sites have been worked on by name removed by moderator. Be warned and avoid falling victim.

I removed the name because it does not serve a purpose nor is there a proper corroboration for the accusation.

Do you have other information about whether the infected web sites are still infected, how long they have been infected, if there still is a danger (and if so for what browsers) and whether precautionary measures are needed?