Re: CCBILL critical vulnerability story part II

[Jeffrey Walton <noloader () gmail com>]

On Mon, Dec 20, 2010 at 9:27 AM, Maciej Gojny <vuln () ariko-security com> wrote:
> hello  FULL  DISCLOSURE!
>
> We have found nice story about our previous ccbill advisory:
> http://gfy.com/showthread.php?t=982701&page=2
>
>  CCBILL CEO Ron C has written:
>
> "This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they 
> responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake 
> security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

Wow.....

"Its unfortunate that the vendor did not respond. But in the US,
legislation is such that its more cost effective to suffer the breach
and then turn it over to PR ...",
http://seclists.org/fulldisclosure/2010/Aug/188. Quod Erat
Demonstrandum.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/