Whoa. It looks like Australian superannuation fund First State Super has had a massive, corporate-style over-reaction to a security analyst, Patrick Webster, who politely let it know about an obvious, glaring security hole in its online platform.
The full details have been published by Secure Computing Magazine (and we recommend you also check out their earlier article here). But basically, it looks like the poor analyst reported the flaw, was politely thanked by First State, and then had his details summarily handed over to the cops, who showed up on his doorstep shortly after. Further information comes from security podcast Risky.Biz, which reports:
“Perhaps instead of contacting the law, First State Superannuation would have done well to send Webster, who ironically enough spent much of his career working in information security for NSW Police, a nice bottle of single malt and a sun hat.”
We agree. Surely there is someone with an iota of sense in First State Super? Anyone? Someone, perhaps, who could listen to the NSW Police on this matter, which has decided to take no action on the issue, describing Webster as “a civic-minded person”?