[VIM] vendors bring it on themselves sometimes..

security curmudgeon jericho at attrition.org
Wed Jul 11 00:43:29 UTC 2007



: Wachovia Bank website sends confidential information (social security 
: numbers, phone number, address, etc.) over the Internet without 
: encryption.
: 
: Horizon Network Security Security Advisory 07/10/2007

: The vendor (Wachovia Bank) was notified via their customer service phone 
: number on June 25.  We were transferred to "web support".  The person 
: answering asked us to FAX the details to her and we did so, also on June 
: 25.  We explained that we were reporting a severe security problem on 
: their web site.

: VIII. DISCLOSURE TIMELINE
: 
: 06/25/2007  Initial vendor notification
: 06/25/2007  Vendor requested FAXed details
: 06/25/2007  Details FAXed to vendor
: 
: 07/20/2007  No vendor response
: 07/20/2007  Public disclosure on this Full Disclosure list

In this day and age, asking for the information to be faxed is silly. 

