

CommBank: What you need to know about heartbleed (responses in comments) - dools
https://www.commbank.com.au/blog/what-you-need-to-know-about-heartbleed.html

======
jlawer
I never really worried about heart bleed with CBA as I figured if they were
stung by it our consumer banking laws would pretty much effectively ensure
that the bank wore the costs (at least until they could pass it on to a
merchant). The banks are in a position where they need to promote internet
banking (it keeps their costs down) and the small costs they incur on
providing a security guarantee pretty much ensure as a consumer your going to
be OK.

On the other hand the ridiculous response is moronic. Someone needs to loose
their job over that. Repeating a canned answer that fails to answer the
question is the height of arrogance and adds nothing to the conversation.

If they don't know then they need to say that it is being dealt with by
another team and the information will be available at a (defined) later date.
In the mean time people can rest assured that their money is secure and CBA
will guarantee it against these and other threats.

What a way to turn a great feature (their security guarantee) into a negative
by treating people as mushrooms.

------
mhenr18
Well, that's entirely disheartening. As a CBA customer I'd expect an actual
response, not just something that's effectively "It's all OK, stop asking"
copied everywhere. A technology blog should be run by those who can actually
give technical details on demand.

Changed my password anyway, like I did with every other service I use.

