[H-GEN] Anti-unix changes in Suncorp-Metway's updated banking TOS

Gary Curtis gazilla at gmail.com
Mon Jan 24 09:18:19 EST 2005


Thank you Mark for directing my attention to Clause 23.11.  At the very end
of that clause there is mention of the "EFT Code" [1].   Clause 5 of that 
Code deals with "Liability for unauthorised transactions", and makes for an 
interesting read. (warning: it's a 45 page PDF).

Of particular interest is Clause 5.2(b) which is copied [almost] verbatim 
into Suncorp's Terms as Clause 23.9(b). ...

"The account holder has no liability for losses relating to any component
of an access method that are forged, faulty, expired, or cancelled;"

Surely phishing is a form of forgery. Now all we have to do is prove that
Suncorp use Windows somewhere in the delivery of their IB product and
that covers "faulty".

Gaz

[1] http://www.asic.gov.au/asic/pdflib.nsf/LookupByFileName/eft_code.pdf/$file/eft_code.pdf

On Mon, 24 Jan 2005 23:03:38 +1000, Mark Suter
<suter at zwitterion.humbug.org.au> wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 2005-01-24, Andrae Muys wrote:
> 
> > I would suggest that a far better approach would be to suggest that the
> > including IE5.5 in that list is in direct violation of best-practice
> > standards within the security industry (citation to the appropriate CERT
> > advisory someone?), and to require users to violate basic security
> > principles or surrender their right to claim against the bank for
> > security failures is a fragrant abuse of the bank's position of power in
> > the relationship.
> 
> I've looked at Suncorp's terms - they don't make sense.  Given Microsoft
> Internet Explorer is grossly insecure[1] and US-CERT says "Use a different
> web browser"[2], wouldn't using it breach 23.11 (e) ?
> 
>     23.11 (e) not act with extreme carelessness in failing to protect the
>               security of all the secret access codes.
>     https://internetbanking.suncorpmetway.com.au/sml/terms.asp
> 
> [1] http://secunia.com/advisories/12889/
> [2] http://www.kb.cert.org/vuls/id/713878
> 
> Yours sincerely,
> 
> - -- Mark John Suter  | I know that you  believe  you understand
> suter at humbug.org.au | what you think I said, but I am not sure
> gpg key id 2C71D63D | you realise that what you  heard  is not
> mobile 0411 262 316 | what I meant.        Robert J. McCloskey
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Check Keyservers or http://zwitterion.org/keys/
> 
> iD8DBQFB9PIqRYso2ixx1j0RAovrAJ9slVDt15LgmEdrpuXeGtqvWps5+ACgkVPB
> x18WQS2RRNiVOJc1DOhgxeo=
> =iYU4
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> General mailing list
> General at lists.humbug.org.au
> http://lists.humbug.org.au/cgi-bin/mailman/listinfo/general
> 


-- 
---------------------------------------------------------------------------------------------------
And remember, it's spelled Gary Curtis, but it's pronounced "Gazilla"



