Feeds

Commonwealth Bank in comedy Heartbleed blog FAIL

Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'

Internet Security Threat Report 2014

An attempt by Australia's Commonwealth Bank to reassure customers that they would not be harmed by the Heartbleed vulnerability has backfired spectacularly after tech-savvy customers made mincemeat out of a badly worded blog post.

A bank representative blogged: “I’m happy to report that our customers can rest assured we are patched against the ‘Heartbleed’ bug and you do not need to change your NetBank password.”

Which is nice to know. Unfortunately the words “we are patched against the ‘Heartbleed’ bug” caused a severe outbreak of FUD as some readers took them to mean the bank had been vulnerable to Heartbleed and had since applied a patch. As we now know, all sorts of nasty attacks were possible before patches arrived.

Astute readers pointed out that problem in comments on the post. The bank replied as follows:

… you do not need to change your NetBank password. We are patched against the Heart Bleed bug. We are dedicated to ensuring our data and that of our customers is safe and secure. We take matters of security very seriously and our security teams are always up to date with all of the latest security developments so that we can continually strengthen the protections we have in place.

Which again confused readers, leading some to ask for a simple “yes or no” answer to the question of whether the bank ever ran the troublesome version of Open SSL.

The bank's response was to copy and paste the above response several times into the comments.

The more technically literate corners of Twitter in Australia have had rather a lot of fun at the bank's expense since, as a Twitter stream of @Commbank mentions demonstrates.

The bank, meanwhile, seems to have stopped publishing comments from readers.

This incident will doubtless be replayed soon by social media “experts” as the kind of thing one should not do with “owned media”. A hundred corporate websites will become even blander and less interesting as a result.

Ironically, the bank has just invited the IT media to meet some of its operations folks. What chance the social media “experts” will join the dots between the bank's bloggers and technology experts for future posts on such matters? ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Swiss wildlife park serves up furry residents to visitors
'It's ecological' says spokesman, now how would you like your Bambi done?
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Facebook's Zuckerberg in EBOLA VIRUS FIGHT: Billionaire battles bug
US Centers for Disease Control and Prevention contacted as site supremo coughs up
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
ePassport to Transnistria: NEXTIFYING the Nation State with BONG
Hey the Man, you can't geoblock distributed democracy
Red Bull does NOT give you wings, $13.5m lawsuit says so
Website letting consumers claim $10 cash back crashes after stampede
Trolls have DARK TETRAD of personality defects, say trickcyclists
Think psychopathy and BDSM dungeons, not desktops
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.