Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application
From: coderman <coderman () gmail com>
Date: Tue, 17 Dec 2013 09:21:33 -0800

On Mon, Dec 16, 2013 at 2:50 PM, Fyodor <fyodor () nmap org> wrote:
Apparently you touched a nerve!  If the legal threats we received for
archiving this security advisory on SecLists.org are any indication,
ZippyYum really doesn't want anyone to know they were storing users' credit
card info (including security code) and passwords in cleartext on their

Here are the legal threats we received today and last Wednesday:
---------- Forwarded message ----------
From: Mikken Tutton <mikken.tutton () intersecworldwide com>
Date: Mon, Dec 16, 2013 at 1:33 PM
We contacted you last week regarding some private information about our
client that you have posted on your website, in violation of Non-Disclosure
agreements we have in place with our customer Zippy Yum. We are requesting
that this information be removed immediately.

i have a solution to the incompetent PCI vendor problem:
 put credit card data under NDA!

how many nastygrams does seclists get a year?

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]