Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wachovia Bank website sends confidential information

From: Tremaine Lea <tremaine () gmail com>
Date: Tue, 10 Jul 2007 20:00:14 -0600
On 10-Jul-07, at 7:39 PM, Jim Popovitch wrote:


On Tue, 2007-07-10 at 20:20 -0400, Bob Toxen wrote:

VI. VENDOR RESPONSE

The vendor (Wachovia Bank) was notified via their customer service
phone number on June 25.  We were transferred to "web support".  The
person answering asked us to FAX the details to her and we did so,
also on June 25.  We explained that we were reporting a severe
security problem on their web site.


Severe?  All that seems to be leaked is a person's Name/Address/SSN
number and some other details.  While this is too much info to  
leak, I'd
hardly say it's severe.   That same info can be easily found in  
people's
mailboxes weekdays between noon and 4pm.



Yeah, but that doesn't scale as well.

---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: