bank liabilities

Discussion in 'NZ Computing' started by thing, Jul 17, 2004.

  1. thing

    thing Guest

    http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp

    Based on this (and its not the first scam)...I wonder as sites like Air
    New Zealand/ most travel agents sites that only work at all with
    IE....would they become liable if customers were hacked...?

    Just how liable are our banks if our bank accounts get emptied?

    Based on VISA's attitude I suspect zero if they can get away with it....

    So practical ideas on how to mitigate our risk?

    regards

    Thing
    thing, Jul 17, 2004
    #1
    1. Advertising

  2. thing

    Divine Guest

    On Sat, 17 Jul 2004 14:27:35 +1200, thing wrote:

    > So practical ideas on how to mitigate our risk?


    Do not use Internet banking. Do not have that facility enabled.


    Divine

    --
    "A life? Sounds great! Do you know where I could download one?"
    Divine, Jul 17, 2004
    #2
    1. Advertising

  3. thing

    Ralph Fox Guest

    On Sat, 17 Jul 2004 14:27:35 +1200, in message
    <P60Kc.8799$>, thing wrote:

    > http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp
    >
    > Based on this (and its not the first scam)...I wonder as sites like Air
    > New Zealand/ most travel agents sites that only work at all with
    > IE....


    Huh?

    I visit Air NZ's site using K-Meleon, not IE, and I have booked tickets.

    Am I allegedly unable to do that with any browser except IE?


    > would they become liable if customers were hacked...?


    Isn't the article about IIS web _servers_ that are hacked, not the customers?


    > Just how liable are our banks if our bank accounts get emptied?
    >
    > Based on VISA's attitude I suspect zero if they can get away with it....
    >
    > So practical ideas on how to mitigate our risk?



    Get another credit card with a low credit limit, and use only that
    card for online purchases -- such as booking travel online.

    Don't give out any other banking info online.


    > regards
    >
    > Thing



    --
    Cheers,
    Ralph

    Change is inevitable. Progress is optional.
    Ralph Fox, Jul 17, 2004
    #3
  4. thing

    MarkH Guest

    thing <> wrote in news:p60Kc.8799$NA1.824863
    @news02.tsnz.net:

    > http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp
    >
    > Based on this (and its not the first scam)...I wonder as sites like Air
    > New Zealand/ most travel agents sites that only work at all with
    > IE....would they become liable if customers were hacked...?
    >
    > Just how liable are our banks if our bank accounts get emptied?
    >
    > Based on VISA's attitude I suspect zero if they can get away with it....
    >
    > So practical ideas on how to mitigate our risk?


    Only use a bank which has internet banking which works with other browsers?

    Westpac NZ’s internet banking works fine with Mozilla.



    --
    Mark Heyes (New Zealand)
    See my pics at http://homepages.ihug.co.nz/~markh/
    "There are 10 types of people, those that
    understand binary and those that don't"
    MarkH, Jul 17, 2004
    #4
  5. thing

    thing Guest

    Ralph Fox wrote:
    > On Sat, 17 Jul 2004 14:27:35 +1200, in message
    > <P60Kc.8799$>, thing wrote:
    >
    >
    >>http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp
    >>
    >>Based on this (and its not the first scam)...I wonder as sites like Air
    >>New Zealand/ most travel agents sites that only work at all with
    >>IE....

    >
    >
    > Huh?
    >
    > I visit Air NZ's site using K-Meleon, not IE, and I have booked tickets.
    >
    > Am I allegedly unable to do that with any browser except IE?
    >


    I have had issues with many travel agents sites only working with IE,
    mozilla and Netscape just do not work....I seem to recall issues when I
    tired to use Air NZ a while back.....

    >
    >>would they become liable if customers were hacked...?

    >
    >
    > Isn't the article about IIS web _servers_ that are hacked, not the customers?
    >


    The web servers get hacked and then nasty nasty code on to someone's IE
    browser when they visit....

    regards

    thing
    thing, Jul 17, 2004
    #5
  6. thing

    EMB Guest

    MarkH wrote:

    > Westpac NZ’s internet banking works fine with Mozilla.


    As does the ASB site


    --
    EMB
    change two to number to reply
    EMB, Jul 17, 2004
    #6
  7. In article <P60Kc.8799$>,
    says...
    > http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp
    >
    > Based on this (and its not the first scam)...I wonder as sites like Air
    > New Zealand/ most travel agents sites that only work at all with
    > IE....would they become liable if customers were hacked...?
    >
    > Just how liable are our banks if our bank accounts get emptied?
    >
    > Based on VISA's attitude I suspect zero if they can get away with it....
    >
    > So practical ideas on how to mitigate our risk?


    Is this the IIS that the great Nathan Mercer assured us was bug free?
    Patrick Dunford, Jul 17, 2004
    #7
  8. thing

    Tim Guest

    It is up to you to protect your sign ons and pin numbers.

    If you are seen as careless by a bank in looking after your sign on code /
    pin then they will not be inclined to back you up. If they are careless then
    I am sure you will get full support. Don't forget there is the banking
    ombudsman.

    It is up to you to ensure that your system does not have virus, scumware,
    spyware, you name it. It is also up to you to ensure that you do not fall
    prey to phishing expeditions. So, keep up to date with patches regardless of
    OS or browser, use a firewall, use hygienic surfing habits, and keep your
    computer clean.

    If a site fails to support browsers other than IE then raise this as an
    issue with whomever you can as it is nothing other than slack. I suggest you
    write to the IT Manager and CC the Security Manager & CEO. If you do write a
    letter than make sure it is factual, to the point (and has one), accurate,
    non-emotive and highlights what the dangers are for both them as a company
    and you as a consumer.

    On one major NZ commercial site, there are substantial references to
    doubleclick! This site also demands IE. The issues need to be raised at the
    highest level in each organisation as if their web site developers know so
    little about what they are doing that they feel they need to use the
    services of a site such as doubleclick and can only succeed in programming
    to IE users then there is call for grave concern.

    If you feel that there are serious potential threats to NZ commerce then
    there is a lot of room for escalation and a lot of people that are educated
    and ready to listen. However, there is no room for opinionated forays into
    pointless arguments about which web browser is best, and what they should
    target other than site developers pointlessly excluding users of less common
    browsers for whatever lazy or feeble reason. That is, all commercial sites
    should have IE6 and Netscape 6 minimum compatibility - many other browsers
    immediately follow when this compatibility is achieved, those that don't
    need to get compatible. There is no commercial need for client side java
    scripts or any smarts at the client end - scripts are a luxury that should
    only be deployed to browsers capable of using them properly and not for core
    functionality. Activex is completely out unless you are connecting to
    WindowsUpdate, or maybe a remote free virus scan.

    In terms of the article, they are not prone to exaggerate are they? "As you
    no doubt know, the latest Internet Explorer exploit, Download.Ject,
    escalates security problems to the lose-your-life-savings point for users.
    Do business with an infected bank site and user keystrokes get logged and
    sent to a "bad guy" server. Yow!"

    Lose your life savings? Hmmm you can do that through so many other
    activities - even millionaire Auckland business men have been known to fall
    for the Nigerian scam out of pure greed. I gave up reading the article at
    this line "As of this writing, nobody knows exactly how the Windows-based
    IIS was infected..." as they openly admit they have no idea what they are
    writing about. Did the web master do it?

    It is ultimately up to the consumer to look after their own confidential
    information.

    Me, opinionated? No. Never :)

    - Tim




    "thing" <> wrote in message
    news:p60Kc.8799$...
    > http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp
    >
    > Based on this (and its not the first scam)...I wonder as sites like Air
    > New Zealand/ most travel agents sites that only work at all with
    > IE....would they become liable if customers were hacked...?
    >
    > Just how liable are our banks if our bank accounts get emptied?
    >
    > Based on VISA's attitude I suspect zero if they can get away with it....
    >
    > So practical ideas on how to mitigate our risk?
    >
    > regards
    >
    > Thing
    >
    Tim, Jul 17, 2004
    #8
  9. thing

    EMB Guest

    Tim wrote:

    > It is up to you to protect your sign ons and pin numbers.
    >

    <snip>
    >
    > It is ultimately up to the consumer to look after their own confidential
    > information.


    Yep.... and like many other people I do. I also don't leave my wallet
    full of credit cards, etc lying around in public - it lives on my person
    or locked away. But, despite my best efforts I have no way of telling
    if the server I submit my details to is actually uncompromised, I cannot
    know whether the other party will actually store my details securely,
    and new virii, trojans et al can arrive undetected on my (or your)
    machine and do the damage before any removal signature is available.

    The problem is not the things I can control but the unseeable that I
    have absolutely no control over - if I'm ripped off by one of these
    unknowns it is certainly my problem, but certainly *not* my fault - and
    my financial institution *should* indemnify me against these.

    --
    EMB
    change two to number to reply
    EMB, Jul 17, 2004
    #9
  10. thing

    thing Guest

    Tim wrote:
    > It is up to you to protect your sign ons and pin numbers.
    >
    > If you are seen as careless by a bank in looking after your sign on code /
    > pin then they will not be inclined to back you up. If they are careless then
    > I am sure you will get full support. Don't forget there is the banking
    > ombudsman.
    >
    > It is up to you to ensure that your system does not have virus, scumware,
    > spyware, you name it. It is also up to you to ensure that you do not fall
    > prey to phishing expeditions. So, keep up to date with patches regardless of
    > OS or browser, use a firewall, use hygienic surfing habits, and keep your
    > computer clean.


    Trouble is there are now zero day exploits about, add to this so called
    trusted sites are being hacked....not good. What is reasonable for the
    average user to be capable of?

    > If you feel that there are serious potential threats to NZ commerce

    then
    > there is a lot of room for escalation and a lot of people that are educated
    > and ready to listen.


    Trouble is there is so much FUD about determining a true situation is
    all but impossible, I suspect its going to take some serious security
    breaches to get any real headway.

    However, there is no room for opinionated forays into
    > pointless arguments about which web browser is best, and what they should
    > target other than site developers pointlessly excluding users of less common
    > browsers for whatever lazy or feeble reason. That is, all commercial sites
    > should have IE6 and Netscape 6 minimum compatibility -


    Simpler to just say to web standard.

    many other browsers
    > immediately follow when this compatibility is achieved, those that don't
    > need to get compatible. There is no commercial need for client side java
    > scripts or any smarts at the client end - scripts are a luxury that should
    > only be deployed to browsers capable of using them properly and not for core
    > functionality. Activex is completely out unless you are connecting to
    > WindowsUpdate, or maybe a remote free virus scan.


    Some of the interesting things to come will be class actions, once these
    start I suspect we will get some real interest in security.

    > In terms of the article, they are not prone to exaggerate are they? "As you
    > no doubt know, the latest Internet Explorer exploit, Download.Ject,
    > escalates security problems to the lose-your-life-savings point for users.
    > Do business with an infected bank site and user keystrokes get logged and
    > sent to a "bad guy" server. Yow!"
    >
    > Lose your life savings? Hmmm you can do that through so many other
    > activities - even millionaire Auckland business men have been known to fall
    > for the Nigerian scam out of pure greed. I gave up reading the article at
    > this line "As of this writing, nobody knows exactly how the Windows-based
    > IIS was infected..." as they openly admit they have no idea what they are
    > writing about. Did the web master do it?
    >
    > It is ultimately up to the consumer to look after their own confidential
    > information.
    >
    > Me, opinionated? No. Never :)
    >
    > - Tim


    thats
    fine

    Thing
    thing, Jul 18, 2004
    #10
  11. thing

    Damon Nomad Guest

    On , , Sat, 17 Jul 2004 20:58:30 +1200, Re: bank liabilities, EMB
    <> wrote:

    >MarkH wrote:
    >
    >> Westpac NZ’s internet banking works fine with Mozilla.

    >
    >As does the ASB site


    National works well with Netscape 7.1

    "Give a man a fish and he eats for a day. Give
    a man gills and he becomes a fish himself."
    Old Tleilaxu adage.
    Damon Nomad, Jul 18, 2004
    #11
  12. thing

    Gordon Guest

    On Sat, 17 Jul 2004 14:27:35 +1200, thing wrote:

    > Based on this (and its not the first scam)...I wonder as sites like Air
    > New Zealand/ most travel agents sites that only work at all with
    > IE....would they become liable if customers were hacked...?


    You say, "I wonder as sites like Air
    > New Zealand/ most travel agents sites that only work at all with
    > IE...."


    My view is, they do not deserve my $. Go to a up with it/ forward looking
    company.
    Gordon, Jul 18, 2004
    #12
  13. thing

    Gordon Guest

    On Sun, 18 Jul 2004 00:03:36 +1200, Tim wrote:

    > If you feel that there are serious potential threats to NZ commerce then
    > there is a lot of room for escalation and a lot of people that are
    > educated and ready to listen. However, there is no room for opinionated
    > forays into pointless arguments about which web browser is best, and
    > what they should target other than site developers pointlessly excluding
    > users of less common browsers for whatever lazy or feeble reason. That
    > is, all commercial sites should have IE6 and Netscape 6 minimum
    > compatibility - many other browsers immediately follow when this
    > compatibility is achieved, those that don't need to get compatible.


    Look, the W3C sets the browser standards. Everyone should agree to meet
    them, while being able to be part of there, the standards, making.

    MSIE and Netscape, as browsers are becoming history. Still some people do
    drive around in vintage motor cars.
    Gordon, Jul 18, 2004
    #13
  14. thing

    Gordon Guest

    On Sat, 17 Jul 2004 07:17:33 +0000, MarkH wrote:

    > Westpac NZ’s internet banking works fine with Mozilla.


    Platform please.
    Gordon, Jul 18, 2004
    #14
  15. thing

    Gordon Guest

    On Sat, 17 Jul 2004 20:58:30 +1200, EMB wrote:

    > MarkH wrote:
    >

    [snip]

    > As does the ASB site


    Platform please.
    Gordon, Jul 18, 2004
    #15
  16. thing

    Gordon Guest

    On Sun, 18 Jul 2004 11:59:10 +1200, Damon Nomad wrote:

    > On , , Sat, 17 Jul 2004 20:58:30 +1200, Re: bank liabilities, EMB
    > <> wrote:
    >
    >>MarkH wrote:
    >>
    >>> Westpac NZ's internet banking works fine with Mozilla.

    >>
    >>As does the ASB site

    >
    > National works well with Netscape 7.1


    Platform please.
    Gordon, Jul 18, 2004
    #16
  17. thing

    EMB Guest

    Gordon wrote:
    > On Sat, 17 Jul 2004 20:58:30 +1200, EMB wrote:
    >
    >
    >>MarkH wrote:
    >>

    >
    > [snip]
    >
    >
    >>As does the ASB site

    >
    >
    > Platform please.
    >

    Win 2K

    --
    EMB
    change two to number to reply
    EMB, Jul 18, 2004
    #17
  18. thing

    Ralph Fox Guest

    Ralph Fox, Jul 18, 2004
    #18
  19. Patrick Dunford <> wrote in message news:<>...
    > > http://channelzone.ziffdavis.com/article2/0,1759,1623215,00.asp
    > >
    > > Based on this (and its not the first scam)...I wonder as sites like Air
    > > New Zealand/ most travel agents sites that only work at all with
    > > IE....would they become liable if customers were hacked...?
    > >
    > > Just how liable are our banks if our bank accounts get emptied?
    > >
    > > Based on VISA's attitude I suspect zero if they can get away with it....
    > >
    > > So practical ideas on how to mitigate our risk?

    >
    > Is this the IIS that the great Nathan Mercer assured us was bug free?


    Never said IIS was bug free. Nothing is bug free, that would be a
    completely unrealistic and stupid thing to say. Sophisticated
    software created by humans has bugs

    However IIS6 (Windows Server 2003) hasn't (to the best of my
    knowledge) had a vulnerability to date. Its been out for almost 18
    months. Not a bad record in my humble opinion

    The vulnerability you refer to was in IIS5 (Windows 2000), besides it
    was patched months before Download.Ject compromise started. Only
    those that chose to not keep up to date with Security fixes were
    vulnerable

    Cheers
    Nathan
    Nathan Mercer, Jul 18, 2004
    #19
  20. thing

    MarkH Guest

    Gordon <> wrote in news:pan.2004.07.18.05.55.44.146982
    @yahoo.com:

    > On Sat, 17 Jul 2004 07:17:33 +0000, MarkH wrote:
    >
    >> Westpac NZ’s internet banking works fine with Mozilla.

    >
    > Platform please.


    WinXP



    --
    Mark Heyes (New Zealand)
    See my pics at http://homepages.ihug.co.nz/~markh/
    "There are 10 types of people, those that
    understand binary and those that don't"
    MarkH, Jul 18, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Colin `

    Mozilla 1.5 & Smile bank

    Colin `, Oct 13, 2003, in forum: Firefox
    Replies:
    6
    Views:
    513
    Leonidas Jones
    Oct 16, 2003
  2. BobT

    bank program problem

    BobT, Aug 24, 2004, in forum: Firefox
    Replies:
    2
    Views:
    423
    mike555
    Aug 26, 2004
  3. totsob
    Replies:
    1
    Views:
    1,116
    Markus
    Oct 22, 2004
  4. mchiper

    Re: Bank of America or any Bank

    mchiper, Sep 6, 2003, in forum: Computer Security
    Replies:
    4
    Views:
    530
    Frode
    Sep 13, 2003
  5. Richard Pearrell

    salary at Chevy Chase Bank and PNC Bank

    Richard Pearrell, Jul 26, 2006, in forum: Computer Support
    Replies:
    2
    Views:
    946
    richard
    Jul 27, 2006
Loading...

Share This Page