| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Mar 2014 09:15:50 -0700 From: Kristian Erik Hermansen <kristian.hermansen@...il.com> To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Bank of the West security contact? Just wanted to post a follow-up to this and provide some context to make it known: * Bank of the West was contacted in 2011 to report a security issue * No response for 2 years * In late 2013, I receive a breach notification saying my own sensitive personal information was compromised via the EXACT SAME ISSUES I REPORTED. I also am led to believe employee information was compromised, which may include Social Security Number (SSN) details. Conclusions? * Bank of the West has NO WORKING SECURITY REPORTING MECHANISM for outside researchers and NO BUG BOUNTY PROGRAM * Bank of the West does not seem to take security and privacy seriously enough, as far as I can tell You should know this if you are an existing or potential customer / employee of Bank of the West... On Fri, Feb 7, 2014 at 9:27 PM, Kristian Erik Hermansen <kristian.hermansen@...il.com> wrote: > Anyone have security contact at Bank of the West? > -- > Kristian Erik Hermansen > https://www.linkedin.com/in/kristianhermansen > https://profiles.google.com/kristian.hermansen -- Regards, Kristian Erik Hermansen https://www.linkedin.com/in/kristianhermansen https://google.com/+KristianHermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists