[H-GEN] Anti-unix changes in Suncorp-Metway's updated banking TOS

Mark Suter suter at zwitterion.humbug.org.au
Mon Jan 24 08:03:38 EST 2005

Hash: SHA1

On 2005-01-24, Andrae Muys wrote:

> I would suggest that a far better approach would be to suggest that the 
> including IE5.5 in that list is in direct violation of best-practice 
> standards within the security industry (citation to the appropriate CERT 
> advisory someone?), and to require users to voilate basic security 
> principles or surrender their right to claim against the bank for 
> security failures is a fragrant abuse of the banks position of power in 
> the relationship.

I've looked at Suncorp's terms - they don't make sense.  Given Microsoft
Internet Explorer is grossly insecure[1] and US-CERT says "Use a different
web browser"[2], wouldn't using it breech 23.11 (e) ?

    23.11 (e) not act with extreme carelessness in failing to protect the
              security of all the secret access codes.

[1] http://secunia.com/advisories/12889/
[2] http://www.kb.cert.org/vuls/id/713878

Yours sincerely,

- -- Mark John Suter  | I know that you  believe  you understand
suter at humbug.org.au | what you think I said, but I am not sure
gpg key id 2C71D63D | you realise that what you  heard  is not
mobile 0411 262 316 | what I meant.        Robert J. McCloskey
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Check Keyservers or http://zwitterion.org/keys/


More information about the General mailing list