Feeds

Commonwealth Bank in comedy Heartbleed blog FAIL

Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'

Eight steps to building an HP BladeSystem

An attempt by Australia's Commonwealth Bank to reassure customers that they would not be harmed by the Heartbleed vulnerability has backfired spectacularly after tech-savvy customers made mincemeat out of a badly worded blog post.

A bank representative blogged: “I’m happy to report that our customers can rest assured we are patched against the ‘Heartbleed’ bug and you do not need to change your NetBank password.”

Which is nice to know. Unfortunately the words “we are patched against the ‘Heartbleed’ bug” caused a severe outbreak of FUD as some readers took them to mean the bank had been vulnerable to Heartbleed and had since applied a patch. As we now know, all sorts of nasty attacks were possible before patches arrived.

Astute readers pointed out that problem in comments on the post. The bank replied as follows:

… you do not need to change your NetBank password. We are patched against the Heart Bleed bug. We are dedicated to ensuring our data and that of our customers is safe and secure. We take matters of security very seriously and our security teams are always up to date with all of the latest security developments so that we can continually strengthen the protections we have in place.

Which again confused readers, leading some to ask for a simple “yes or no” answer to the question of whether the bank ever ran the troublesome version of Open SSL.

The bank's response was to copy and paste the above response several times into the comments.

The more technically literate corners of Twitter in Australia have had rather a lot of fun at the bank's expense since, as a Twitter stream of @Commbank mentions demonstrates.

The bank, meanwhile, seems to have stopped publishing comments from readers.

This incident will doubtless be replayed soon by social media “experts” as the kind of thing one should not do with “owned media”. A hundred corporate websites will become even blander and less interesting as a result.

Ironically, the bank has just invited the IT media to meet some of its operations folks. What chance the social media “experts” will join the dots between the bank's bloggers and technology experts for future posts on such matters? ®

Boost IT visibility and business value

More from The Register

next story
Motorist 'thought car had caught fire' as Adele track came on stereo
'FIRE' caption on dashboard prompts dunderheaded hard shoulder halt
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
Japanese artist cuffed for disseminating 3D ladyparts files
Printable genitalia fall foul of 'obscene material' laws
Carlos: Slim your working week to just three days of toil
'Midas World' vision suggests you retire later, watch more tellie and buy more stuff
Brit Rockall adventurer poised to quit islet
Occupation records broken, champagne corks popped
Apple: No, China. iPhone is NOT public enemy number 1
Beijing fears it could beam secrets back to America
Canuck reader threatens suicide over exact dimensions of SPAAAACE!
How many As? Reg hack's writing cops a shoeing
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.