[18:48] <olly_> morning
[20:03] <ibeardslee> morning
[21:03] <mwhudson> morning
[21:09] <thumper> morning
[21:30] <chilts> morning
[21:44] <olly_> hmm, poli seems to have a web-based thing now, which is virtually indistinguishable from a phishing scam
[21:44] <olly_> i have no way of telling if the internet banking login served via an iframe at https://nz00702.apac.paywithpoli.com/IOLB/Login.jsp is legit...
[21:54] <mwhudson> i think the banks got pretty upset about that
[21:54] <mwhudson> http://www.stuff.co.nz/business/money/8099097/ASB-warns-customers-of-POLi-spoof
[21:55] <mwhudson> http://www.bnz.co.nz/about-us/media/archives/important-security-update-poli
[21:55] <mwhudson> etvc
[21:57] <olly_> hmm, i rang westpac who told me it was legit
[21:58] <mwhudson> oh i'm pretty sure it is
[21:58] <mwhudson> but it's not exactly good training for users
[21:58] <olly_> i think she didn't really get my concern that there's no way to verify
[21:58] <mwhudson> well
[21:58] <olly_> and if you know enough to look at the source, it looks suspect
[21:58] <mwhudson> banks still occasionally phone me up and ask for my security details before offering a loan or whatever
[21:58] <mwhudson> so...
[21:58] <olly_> she didn't seem to have heard of poli until she asked the supervisor, which I find somewhat surprising
[22:00] <hads> I blame the likes of AirNZ for using it and keeping their silly business alive.
[22:11] <chilts> I hate Poli and refuse to pay AirNZ flights with it
[22:11] <chilts> it seems sooo wrong
[22:11] <chilts> as mwhudson says "it's not exactly good training for users"
[22:23] <olly_> it used to be windows-only - i'm not sure this is really an improvement
[22:39] <G> yeah, it was .NET then they started moving people onto a purely web based system
[22:40] <G> the way they rewrite stuff around their iframes etc is pretty freaky, and for banks to allow it, I don't like it
[22:41] <G> We need the Australian BPay (with enhancements) system to be honest