[VIM] vendors bring it on themselves sometimes..
security curmudgeon
jericho at attrition.org
Wed Jul 11 00:43:29 UTC 2007
: Wachovia Bank website sends confidential information (social security
: numbers, phone number, address, etc.) over the Internet without
: encryption.
:
: Horizon Network Security Security Advisory 07/10/2007
: The vendor (Wachovia Bank) was notified via their customer service phone
: number on June 25. We were transferred to "web support". The person
: answering asked us to FAX the details to her and we did so, also on June
: 25. We explained that we were reporting a severe security problem on
: their web site.
: VIII. DISCLOSURE TIMELINE
:
: 06/25/2007 Initial vendor notification
: 06/25/2007 Vendor requested FAXed details
: 06/25/2007 Details FAXed to vendor
:
: 07/20/2007 No vendor response
: 07/20/2007 Public disclosure on this Full Disclosure list
In this day and age, asking for the information to be faxed is silly.
More information about the VIM
mailing list