Feeds

Commonwealth Bank in comedy Heartbleed blog FAIL

Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'

Security for virtualized datacentres

An attempt by Australia's Commonwealth Bank to reassure customers that they would not be harmed by the Heartbleed vulnerability has backfired spectacularly after tech-savvy customers made mincemeat out of a badly worded blog post.

A bank representative blogged: “I’m happy to report that our customers can rest assured we are patched against the ‘Heartbleed’ bug and you do not need to change your NetBank password.”

Which is nice to know. Unfortunately the words “we are patched against the ‘Heartbleed’ bug” caused a severe outbreak of FUD as some readers took them to mean the bank had been vulnerable to Heartbleed and had since applied a patch. As we now know, all sorts of nasty attacks were possible before patches arrived.

Astute readers pointed out that problem in comments on the post. The bank replied as follows:

… you do not need to change your NetBank password. We are patched against the Heart Bleed bug. We are dedicated to ensuring our data and that of our customers is safe and secure. We take matters of security very seriously and our security teams are always up to date with all of the latest security developments so that we can continually strengthen the protections we have in place.

Which again confused readers, leading some to ask for a simple “yes or no” answer to the question of whether the bank ever ran the troublesome version of Open SSL.

The bank's response was to copy and paste the above response several times into the comments.

The more technically literate corners of Twitter in Australia have had rather a lot of fun at the bank's expense since, as a Twitter stream of @Commbank mentions demonstrates.

The bank, meanwhile, seems to have stopped publishing comments from readers.

This incident will doubtless be replayed soon by social media “experts” as the kind of thing one should not do with “owned media”. A hundred corporate websites will become even blander and less interesting as a result.

Ironically, the bank has just invited the IT media to meet some of its operations folks. What chance the social media “experts” will join the dots between the bank's bloggers and technology experts for future posts on such matters? ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Oi, London thief. We KNOW what you're doing - our PRECRIME system warned us
Aye, shipmate, it be just like that Minority Report
WRISTJOB LOVE BONANZA: justWatch sex app promises blind date hookups
Mankind shuffles into the future, five fingers at a time
Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
Angry Microsoftie hauls auctioneers to court over stalled Pzkw. IV 'deal'
Apple's Mr Havisham: Tim Cook says dead Steve Jobs' office has remained untouched
'I literally think about him every day' says biz baron's old friend
Cops apologise for leaving EXPLOSIVES in suitcase at airport
'Canine training exercise' SNAFU sees woman take home booming baggage
Flaming drone batteries ground commercial flight before takeoff
Passenger had Something To Declare, instead fiddled while plane burned
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.