Full Disclosure mailing list archives

Re: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application


From: coderman <coderman () gmail com>
Date: Tue, 17 Dec 2013 09:21:33 -0800

On Mon, Dec 16, 2013 at 2:50 PM, Fyodor <fyodor () nmap org> wrote:
...
Apparently you touched a nerve!  If the legal threats we received for
archiving this security advisory on SecLists.org are any indication,
ZippyYum really doesn't want anyone to know they were storing users' credit
card info (including security code) and passwords in cleartext on their
phones.

...
Here are the legal threats we received today and last Wednesday:
---------- Forwarded message ----------
From: Mikken Tutton <mikken.tutton () intersecworldwide com>
Date: Mon, Dec 16, 2013 at 1:33 PM
...
We contacted you last week regarding some private information about our
client that you have posted on your website, in violation of Non-Disclosure
agreements we have in place with our customer Zippy Yum. We are requesting
that this information be removed immediately.


i have a solution to the incompetent PCI vendor problem:
 put credit card data under NDA!



how many nastygrams does seclists get a year?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

