[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Wachovia Bank website sends confidential information

To: Jim Popovitch <yahoo@xxxxxxxxxx>
Subject: Re: [Full-disclosure] Wachovia Bank website sends confidential information
From: Tremaine Lea <tremaine@xxxxxxxxx>
Date: Tue, 10 Jul 2007 20:00:14 -0600

On 10-Jul-07, at 7:39 PM, Jim Popovitch wrote:

> On Tue, 2007-07-10 at 20:20 -0400, Bob Toxen wrote:
>> VI. VENDOR RESPONSE
>>
>> The vendor (Wachovia Bank) was notified via their customer service
>> phone number on June 25.  We were transferred to "web support".  The
>> person answering asked us to FAX the details to her and we did so,
>> also on June 25.  We explained that we were reporting a severe
>> security problem on their web site.
>
> Severe?  All that seems to be leaked is a person's Name/Address/SSN
> number and some other details.  While this is too much info to  
> leak, I'd
> hardly say it's severe.   That same info can be easily found in  
> people's
> mailboxes weekdays between noon and 4pm.
>

Yeah, but that doesn't scale as well.

---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Wachovia Bank website sends confidential information
  - From: Bob Toxen
- Re: [Full-disclosure] Wachovia Bank website sends confidential information
  - From: Jim Popovitch

Prev by Date: Re: [Full-disclosure] Wachovia Bank website sends confidential information
Next by Date: [Full-disclosure] HomestayFinder XSS Vulnerability in Wikipedia Mirror
Previous by thread: Re: [Full-disclosure] Wachovia Bank website sends confidential information
Next by thread: Re: [Full-disclosure] Wachovia Bank website sends confidential information
Index(es):
- Date
- Thread