Feeds

Commonwealth Bank in comedy Heartbleed blog FAIL

Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'

The essential guide to IT transformation

An attempt by Australia's Commonwealth Bank to reassure customers that they would not be harmed by the Heartbleed vulnerability has backfired spectacularly after tech-savvy customers made mincemeat out of a badly worded blog post.

A bank representative blogged: “I’m happy to report that our customers can rest assured we are patched against the ‘Heartbleed’ bug and you do not need to change your NetBank password.”

Which is nice to know. Unfortunately the words “we are patched against the ‘Heartbleed’ bug” caused a severe outbreak of FUD as some readers took them to mean the bank had been vulnerable to Heartbleed and had since applied a patch. As we now know, all sorts of nasty attacks were possible before patches arrived.

Astute readers pointed out that problem in comments on the post. The bank replied as follows:

… you do not need to change your NetBank password. We are patched against the Heart Bleed bug. We are dedicated to ensuring our data and that of our customers is safe and secure. We take matters of security very seriously and our security teams are always up to date with all of the latest security developments so that we can continually strengthen the protections we have in place.

Which again confused readers, leading some to ask for a simple “yes or no” answer to the question of whether the bank ever ran the troublesome version of Open SSL.

The bank's response was to copy and paste the above response several times into the comments.

The more technically literate corners of Twitter in Australia have had rather a lot of fun at the bank's expense since, as a Twitter stream of @Commbank mentions demonstrates.

The bank, meanwhile, seems to have stopped publishing comments from readers.

This incident will doubtless be replayed soon by social media “experts” as the kind of thing one should not do with “owned media”. A hundred corporate websites will become even blander and less interesting as a result.

Ironically, the bank has just invited the IT media to meet some of its operations folks. What chance the social media “experts” will join the dots between the bank's bloggers and technology experts for future posts on such matters? ®

Next gen security for virtualised datacentres

More from The Register

next story
MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
'Prettier, better organised, more harmonious than if men were in charge'
Cops baffled by riddle of CHICKEN who crossed ROAD
'Officers were unable to determine Chicken's intent'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Drunkards warned: If you can't walk in a straight line, don't shop online, you fool!
Put it away boys. Cover them up ladies. Your credit cards, we mean
Why your mum was WRONG about whiffy tattooed people
They're a future source of RENEWABLE ENERGY
Murder accused DIDN'T ask Siri 'how to hide my roommate'
US court hears of cached browser image - not actual request
Chomp that sausage: Brits just LOVE scoffing a Full Monty
Sales of traditional brekkie foods soar as hungry folk get their mitts greasy
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?