Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
3040 posts

Uber Geek
+1 received by user: 466

Trusted
Subscriber

  Reply # 880812 19-Aug-2013 08:41
One person supports this post
Send private message

Talkiet:

Srsly. Try it. Log into internet banking with your caps lock key on and you'll still be able to log in.

Cheers - N


ASB is also case INsensitive.  When prompted, they'll claim it doesn't matter because they have "128 bit encrypitation".  Srsly, direct quote.  Including misspelling.

On the actual topic though, the email is legitimate.  Westpac contracts out their marketing communications to AffinityID who own eid.co.nz.



6337 posts

Uber Geek
+1 received by user: 310

Trusted
Subscriber

  Reply # 880824 19-Aug-2013 09:28
Send private message

Hi guys and Kyanar thanks for that confirmation. The fact that it was addressed (not email address but person) from an account manager at a branch I have never used I feel is pretty poor.

If they want to market their wares to me then this is a fail, listening Westpac?

Cyril

Mr Snotty
8028 posts

Uber Geek
+1 received by user: 4018

Moderator
Trusted
Lifetime subscriber

  Reply # 880896 19-Aug-2013 10:56
Send private message

Doesn't appear to be phishing, the form doesn't ask for any details, but by the looks you'll receive a call / email from a rep now >.<

"Thanks, we’ll be in touch shortly"




810 posts

Ultimate Geek
+1 received by user: 191
Inactive user


  Reply # 881282 19-Aug-2013 22:26
Send private message

I had to check this out for myself, turned on caps lock and went and tried kiwibank - straight in. I feel cheated somehow.

Also, 'encrypitation' is my word of the day. Say it out loud, it's fun :).

3040 posts

Uber Geek
+1 received by user: 466

Trusted
Subscriber

  Reply # 881323 20-Aug-2013 07:19
Send private message

PaulBags: I had to check this out for myself, turned on caps lock and went and tried kiwibank - straight in. I feel cheated somehow.

Also, 'encrypitation' is my word of the day. Say it out loud, it's fun :).


Oo yeah when we first heard that one, we were saying it all day at the office.  Hilarious!

It seems not many banks are actually using case sensitive passwords.  BNZ does, as does TSB.  Unsure about Co-Operative or ANZ.  The bit that worries me is, are they normalising case prior to comparing a hash, or is the password stored in plain text in the database?

919 posts

Ultimate Geek
+1 received by user: 224

Subscriber

  Reply # 881878 20-Aug-2013 22:29
Send private message

I have accounts with 3 banks at the moment:

ASB: Case insensitive
ANZ: Case sensitive
BNZ: Case sensitive and even warned me that my caps lock is on

I also have business accounts with the Commonwealth Bank over in Australia, that one forced me to have mixed case characters in my password.

125 posts

Master Geek
+1 received by user: 39


  Reply # 881881 20-Aug-2013 22:34
Send private message

National Bank  ANZ password is case sensitive

American Express (who won't even send out a Merchant Application form without requiring you to sign up for their encrypted email) is totally case INsensitive 

1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 881894 20-Aug-2013 22:53
Send private message

I've been wondering about this, does this mean the password is stored in plain text somewhere or that there are multiple hashes of the password kept? I'm not sure how they can achieve the case insensitivity on what should be an encrypted string.

21546 posts

Uber Geek
+1 received by user: 4393

Trusted
Subscriber

  Reply # 881898 20-Aug-2013 23:02
Send private message

Just normalize the case to upper or lower before hashing it.




Richard rich.ms

1 post

Wannabe Geek

Trusted
Westpac

  Reply # 882931 22-Aug-2013 17:09

Hi all,

Confirming that this is actually a genuine email from Westpac.  It is not a phishing scam.  We post all scams that we are aware of via this link: http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/report-a-phishing-scam/ If you have a concern about any communication from Westpac please email phishing@westpac.co.nz
WestpacNZ

BDFL - Memuneh
61519 posts

Uber Geek
+1 received by user: 12241

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 882968 22-Aug-2013 18:21
Send private message

michaelmurfy: Doesn't appear to be phishing, the form doesn't ask for any details, but by the looks you'll receive a call / email from a rep now >.<

"Thanks, we’ll be in touch shortly"


As above and as per the WestpacComms reply. I checked the link and it didn't look like phishing - it didn't ask for any personal information at all.

I think people need to fine tune their "phishing radar" around here.







6337 posts

Uber Geek
+1 received by user: 310

Trusted
Subscriber

  Reply # 882991 22-Aug-2013 19:11
3 people support this post
Send private message

Hi, all happy that it was not phishing, but if you get an email from 21Y799o4P9TWH@viewemail.westpac.co.nz who then introduces himself as the manager of a branch you have never been in and then carries on to provide links for you to click on that are not at westpac.co.nz then I think you have a genuine reason to feel a little suspicious................. no?

Maybe its just me, but if it raises the slightest suspicion then when it comes to my finances straight in the bin it goes. I really think you need to make this seem more genuine.

Cheers
Cyril

810 posts

Ultimate Geek
+1 received by user: 191
Inactive user


  Reply # 883000 22-Aug-2013 19:40
Send private message

WestpacComms: ... We post all scams that we are aware of via this link ...

Because there couldn't possibly be any westpac scams that your unaware of. :rollseyes:

I always love getting email from paypal. How many people use paypal.com, only to end up getting email from paypal.com.sg and thinking "danger Will Robinson".

And now kiwibank are at it, got an email today telling me that they're changing the way they handle emails blah blah, with a bunch of complicated links everywhere. Thing is they have secure mail via their web banking, and I never get email from them. What am I supposed to think?

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 883030 22-Aug-2013 20:38
Send private message

Kyanar:
Talkiet:

Srsly. Try it. Log into internet banking with your caps lock key on and you'll still be able to log in.

Cheers - N


ASB is also case INsensitive.  When prompted, they'll claim it doesn't matter because they have "128 bit encrypitation".  Srsly, direct quote.  Including misspelling.



It's probably a legacy thing that hasn't been eradicated yet.

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 883032 22-Aug-2013 20:39
Send private message

richms: Just normalize the case to upper or lower before hashing it.


Yeah most likely.

1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.