Full Disclosure mailing list archives
Re: Wachovia Bank website sends confidential information
From: Tremaine Lea <tremaine () gmail com>
Date: Tue, 10 Jul 2007 20:00:14 -0600
On 10-Jul-07, at 7:39 PM, Jim Popovitch wrote:
On Tue, 2007-07-10 at 20:20 -0400, Bob Toxen wrote:VI. VENDOR RESPONSE The vendor (Wachovia Bank) was notified via their customer service phone number on June 25. We were transferred to "web support". The person answering asked us to FAX the details to her and we did so, also on June 25. We explained that we were reporting a severe security problem on their web site.Severe? All that seems to be leaked is a person's Name/Address/SSN number and some other details. While this is too much info to leak, I'd hardly say it's severe. That same info can be easily found in people's mailboxes weekdays between noon and 4pm.
Yeah, but that doesn't scale as well. --- Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Wachovia Bank website sends confidential information Bob Toxen (Jul 10)
- Re: Wachovia Bank website sends confidential information scott (Jul 10)
- Re: Wachovia Bank website sends confidential information Jim Popovitch (Jul 10)
- Re: Wachovia Bank website sends confidential information Tremaine Lea (Jul 10)
- Re: Wachovia Bank website sends confidential information Valdis . Kletnieks (Jul 10)
- Re: Wachovia Bank website sends confidential information J. Oquendo (Jul 11)
- Re: Wachovia Bank website sends confidential information kazaam (Jul 11)
- Re: Wachovia Bank website sends confidential information Bob Bruen (Jul 11)
- Re: Wachovia Bank website sends confidential information J. Oquendo (Jul 11)
- Re: Wachovia Bank website sends confidential information Jim Popovitch (Jul 11)
- Re: Wachovia Bank website sends confidential information Bob Bruen (Jul 11)
- Re: Wachovia Bank website sends confidential information Security Guy (Jul 11)