Hilarious. If I were just plain ignoring the PCI DSS, I'd want to hide evidence of it, too.
If you really want to ruin their day, report this to VISA.

--
W. Scott Lockwood III
GWB20090338817 AMST Tech

On Dec 17, 2013 3:12 AM, "Fyodor" <fyo...@nmap.org> wrote:

> On Fri, Dec 6, 2013 at 8:07 PM, Daniel Wood <daniel.w...@owasp.org> wrote:
>
>> Title: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for
>> California (ZippyYum) 3.4 iOS mobile application
>>
>> Reported to Vendor: May 2013
>> CVE Reference: CVE-2013-6986
>
> Apparently you touched a nerve! If the legal threats we received for
> archiving this security advisory on SecLists.org are any indication,
> ZippyYum really doesn't want anyone to know they were storing users' credit
> card info (including security code) and passwords in cleartext on their
> phones.
>
> "Please remove this information from your website immediately in order to
> avoid further legal action." --Mikken Tutton, CEO of ZippyYum client
> IntersecWorldWide
>
> Of course we have ignored the threats and kept the advisory proudly posted
> at: http://seclists.org/fulldisclosure/2013/Dec/39
>
> Here are the legal threats we received today and last Wednesday:
>
> ---------- Forwarded message ----------
> From: Mikken Tutton <mikken.tut...@intersecworldwide.com>
> Date: Mon, Dec 16, 2013 at 1:33 PM
> Subject: Fwd:
> To: jo...@grok.org.uk, fyo...@nmap.org, hostmas...@insecure.org
>
> Dear Webmaster,
>
> We contacted you last week regarding some private information about our
> client that you have posted on your website, in violation of Non-Disclosure
> agreements we have in place with our customer Zippy Yum. We are requesting
> that this information be removed immediately. The information to which I am
> referring is located on this page of your website:
> http://seclists.org/fulldisclosure/2013/Dec/39
>
> We would appreciate the courtesy of a response to our email within 48
> hours so we can resolve this issue.
>
> If we do not receive a response, we will turn this matter over to our
> attorney for legal action. Thank you for your prompt attention to this
> matter.
>
> Sincerely,
>
> Mikken Tutton
> CEO
>
>
> ---------- Forwarded message ----------
> From: Mikken Tutton <mikken.tut...@intersecworldwide.com>
> Date: Wed, Dec 11, 2013 at 11:03 AM
> Subject: Re:
> To: fyo...@nmap.org
> Cc: jo...@grok.org.uk
>
> Dear Mr. Lyon,
>
> It has come to my attention that the attached information is posted on
> your website about one of our clients. However, this information was
> released to you without authorization and is protected by the
> Non-Disclosure Agreements we have in place, both with our client and also
> with the contractor who submitted the information to your website in
> violation of said NDA.
>
> Please remove this information from your website immediately in order to
> avoid further legal action. Attached is a screen shot of the client
> information I am referring to. Please advise if you have any questions.
>
> We appreciate your prompt attention to this matter.
>
> Thank you.
>
>
> Sincerely,
>
> Mikken Tutton
> CEO
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/