| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Dec 2010 09:56:45 -0500 From: Jeffrey Walton <noloader@...il.com> To: Maciej Gojny <vuln@...ko-security.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: CCBILL critical vulnerability story part II On Mon, Dec 20, 2010 at 9:27 AM, Maciej Gojny <vuln@...ko-security.com> wrote: > hello FULL DISCLOSURE! > > We have found nice story about our previous ccbill advisory: > http://gfy.com/showthread.php?t=982701&page=2 > > CCBILL CEO Ron C has written: > > "This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL) Wow..... "Its unfortunate that the vendor did not respond. But in the US, legislation is such that its more cost effective to suffer the breach and then turn it over to PR ...", http://seclists.org/fulldisclosure/2010/Aug/188. Quod Erat Demonstrandum. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists