An Australian security researcher has found himself questioned by police and threatened by a commercial law firm – for reporting a vulnerability to a financial company. Proving that shoot-the-messenger ham-fistedness isn’t dead, First State Super – which handles much of the superannuation of the NSW public service, among other …
Nothing surprises me about this mob
and sadly I am forced to be a customer of theirs!
Security conscious, these chaps
This is the mob that had a clause in their Ts&Cs (last time I checked, six years ago) stating that if they were faced with someone impersonating me on their phone banking line, and they "reasonably believed" it to be me, anything that person did with my money was my problem, not theirs.
Needless to say I didn't open a super account with First State.
This isn't exclusive to First State.
There's a higher chance of seeing a snowball in Hell than seeing <insert company here> admitting the slightest liability for anything in their T&Cs.
Upon reflection, not too long after hitting "Submit", this probability came to mind. Of course, there's often a divide between what they say they'll do and what they legally can do, which I suspect is in the customer's favour.
I think I'm going to have to double check my current super fund's Ts&Cs...
"apparently perpetuating the debatable belief that altering a URL constitutes “hacking” or at least “unauthorised access to a computer” – something which could entertain a capable defence lawyer."
ISTR that in the UK some poor guy was done for typing something like www.fakesite.co.uk/// when he wanted to know where a supposed charity donation was going. It set off BT's alarms, who managed to convince a judge that the guy was a major terrorist and needed to be set an example of.
Dear CEO - sorry about the punch in the face
It's just procedure.