)
--
Message: 1
Date: Tue, 17 Dec 2013 16:13:03 -0600
From: Daniel Wood daniel.w...@owasp.org
To: Full Disclosure Mailing List full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [CVE-2013-6986] Insecure Data Storage
in Subway Ordering for California (ZippyYum) 3.4 iOS
I would like to point out that the statements made in the emails from
mikken.tut...@intersecworldwide.com are untrue at best, defamatory at worst. I
am not going to lambast Jeff, Mikken, or Intersec Worldwide - but I will defend
myself. Normally I would not respond to something like this in a
On Fri, Dec 6, 2013 at 8:07 PM, Daniel Wood daniel.w...@owasp.org wrote:
Title: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for
California (ZippyYum) 3.4 iOS mobile application
Reported to Vendor: May 2013
CVE Reference: CVE-2013-6986
Apparently you touched a nerve! If the
Hilarious. If I were just plain ignoring the PCI DSS, I'd want to hide
evidence of it, too.
If you really want to ruin their day, report this to VISA.
--
W. Scott Lockwood III
GWB20090338817
AMST Tech
On Dec 17, 2013 3:12 AM, Fyodor fyo...@nmap.org wrote:
On Fri, Dec 6, 2013 at 8:07 PM,
On Mon, Dec 16, 2013 at 2:50 PM, Fyodor fyo...@nmap.org wrote:
...
Apparently you touched a nerve! If the legal threats we received for
archiving this security advisory on SecLists.org are any indication,
ZippyYum really doesn't want anyone to know they were storing users' credit
card info
Title: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for
California (ZippyYum) 3.4 iOS mobile application
Published: DATE
Reported to Vendor: May 2013
CVE Reference: CVE-2013-6986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6986
CVSS v2 Base Score: 4.9
CVSS v2 Vector