Comments on: 0day Full disclosure: American Express

By: M

Tue, 14 Aug 2012 01:55:03 +0000

Just wanted to let you know the right thing.

To the haters:

Realize other people besides the author could already know about this and be exploiting it. By him disclosing it publicly not only is the company aware, but so are you. Now you can both take measures to prevent an attack.

By: How to Make Customer Service Matter Again Part 2 - Brian Solis

How to Make Customer Service Matter Again Part 2 - Brian Solis — Sun, 29 Jul 2012 18:01:47 +0000

[...] but did not have time or patience to go through a “technical support jungle?” He blogged not only about the experience, but he also exposed the code and tipped security publications [...]

By: InfoTech IT Development Blog » Blog Archive » How Security Relates to Your Brand

Thu, 27 Oct 2011 21:23:53 +0000

[...] the problem you need to beware of isn’t just what can be done. It’s also about how bad someone can make your brand look with a post to a website after they have found issues. Depending on your business — it’s [...]

By: Wes

Wes — Wed, 26 Oct 2011 20:59:53 +0000

@Anthony,
Not sure when you checked Discover Card last but when I visit discover.com I am automatically redirected to https://www.discover.com/…

By: Security Notes « 36 Chambers – The Legendary Journeys: Execution to the max!

Fri, 21 Oct 2011 16:05:51 +0000

[...] via HNTV (and PaulDotCom Security Weekly, where I heard about John and Larry talk about it first), American Express learns that you need to provide security contact information. Oh, and secure your pages. The [...]

By: Find A Massive Security Hole At American Express? If You’re Not A Cardholder, It Doesn’t Care « waweru.net

Wed, 12 Oct 2011 01:38:00 +0000

[...] Express… and not only not not being able to find anyone to contact, but also being told that the company would pay more attention to him if he were a cardholer: To my great surprise American Express doesn’t allow anybody to contact them. Instead, [...]

By: Comwise Internetwork Sdn Bhd » Blog Archive » Developer function enables phishing at American Express

Wed, 12 Oct 2011 01:02:04 +0000

[...] specialist Niklas Femerstrand has discovered a hole on theAmerican Express web site that attackers can use to steal, among other things, the login data [...]

By: Anthony

Anthony — Tue, 11 Oct 2011 23:16:10 +0000

If you think AmEx’s website is bad, take a look at Discover Card’s. No SSL on the landing page (and possibly others behind the scenes once you log in).

Oh, and if you need to re-register a replacement card on their site, they are kind enough to email you your existing password as a friendly reminder in CLEARTEXT. Talk about major FAIL on the part of Discover Financial Services, a bank and one of the U.S.’ four major credit card processing companies that developed the Payment Card Industry Data Security Standards… HYPOCRITES!!!

By: Falha de Segurança Compromete Site da American Express | InvasaoHacking.com - Downloads, Video Aulas e Tutoriais sobre Hacker, Trojans, Keyloggers, Worms, Malwares, Virus, phishing, Exploit, Shells, Defacer, banking, carding, Hackear orkut, Hackear Msn,

Tue, 11 Oct 2011 16:30:02 +0000

[...] Saiba Mais: [1] 0-Day Full Disclosure American Express http://qnrq.se/full-disclosure-american-express/ [...]

By: Межсайтовый скриптинг на сайте American Express | Банкомёт

Межсайтовый скриптинг на сайте American Express | Банкомёт — Tue, 11 Oct 2011 10:47:37 +0000

[...] опубликовал свое "открытие" в среду – в сообщении с POC иллюстрацией [...]