[H-GEN] Anti-unix changes in Suncorp-Metway's updated banking TOS
Mark Suter
suter at zwitterion.humbug.org.au
Mon Jan 24 08:03:38 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2005-01-24, Andrae Muys wrote:
> I would suggest that a far better approach would be to suggest that the
> including IE5.5 in that list is in direct violation of best-practice
> standards within the security industry (citation to the appropriate CERT
> advisory someone?), and to require users to voilate basic security
> principles or surrender their right to claim against the bank for
> security failures is a fragrant abuse of the banks position of power in
> the relationship.
I've looked at Suncorp's terms - they don't make sense. Given Microsoft
Internet Explorer is grossly insecure[1] and US-CERT says "Use a different
web browser"[2], wouldn't using it breech 23.11 (e) ?
23.11 (e) not act with extreme carelessness in failing to protect the
security of all the secret access codes.
https://internetbanking.suncorpmetway.com.au/sml/terms.asp
[1] http://secunia.com/advisories/12889/
[2] http://www.kb.cert.org/vuls/id/713878
Yours sincerely,
- -- Mark John Suter | I know that you believe you understand
suter at humbug.org.au | what you think I said, but I am not sure
gpg key id 2C71D63D | you realise that what you heard is not
mobile 0411 262 316 | what I meant. Robert J. McCloskey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Check Keyservers or http://zwitterion.org/keys/
iD8DBQFB9PIqRYso2ixx1j0RAovrAJ9slVDt15LgmEdrpuXeGtqvWps5+ACgkVPB
x18WQS2RRNiVOJc1DOhgxeo=
=iYU4
-----END PGP SIGNATURE-----
More information about the General
mailing list