Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Wachovia Bank website sends confidential information
From: Tremaine Lea <tremaine () gmail com>
Date: Tue, 10 Jul 2007 20:00:14 -0600
On 10-Jul-07, at 7:39 PM, Jim Popovitch wrote:


On Tue, 2007-07-10 at 20:20 -0400, Bob Toxen wrote:

VI. VENDOR RESPONSE

The vendor (Wachovia Bank) was notified via their customer service
phone number on June 25.  We were transferred to "web support".  The
person answering asked us to FAX the details to her and we did so,
also on June 25.  We explained that we were reporting a severe
security problem on their web site.


Severe?  All that seems to be leaked is a person's Name/Address/SSN
number and some other details.  While this is too much info to  
leak, I'd
hardly say it's severe.   That same info can be easily found in  
people's
mailboxes weekdays between noon and 4pm.



Yeah, but that doesn't scale as well.

---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]