Thread: CCBill.com multiple vulnerabilities
View Single Post
Old 10-15-2010, 03:38 PM  
signupdamnit
Confirmed User
 
signupdamnit's Avatar
 
Industry Role:
Join Date: Aug 2007
Posts: 6,697
Quote:
Originally Posted by RonC View Post
This report was a complete joke. This was just a variation of a Nigerian scam. We contacted the website and they responded via GMAIL if we would "Western Union" them 10k they would tell us what was wrong. LOL They create a fake security page and post stuff and hope companies will pay the blackmail money VIA WESTERN UNION (LOL)

But hey if it is on the Internet it MUST BE TRUE.

End of Story.


Ron C
_________
CEO

CCbill.com
Cavecreek.com
Interesting. I suppose we all should have researched this further before giving it credence.

I see where your team spoke about this months ago:

http://seclists.org/fulldisclosure/2010/Aug/193

Quote:
From: William Bell <williamb () cwie net>
Date: Tue, 17 Aug 2010 03:52:19 +0000

At CCBill we take web application security very seriously. I can assure you that no one in this organization received
any type of disclosure prior to the posting of the vulnerability to this list. It is very easy to reach our Information
Security team at security () ccbill com<mailto:security () ccbill com>. We are working hard to identify the issue in
question and a post will be made here once it is resolved. I ask that the researcher from ariko-security.com please
contact us at the email provided.

William Bell
Director of Information Security
CCBill.com

_______________
I had never heard of these guys before but now I will research them and see if they have tried this in the past with others. If so I will make sure more people know about them.
__________________

You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.
Last edited by signupdamnit; 10-15-2010 at 03:39 PM..
signupdamnit is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote