I`m just being informed by"Anonymous" that the issue with the headers in Orange Spain has been fixed. I copy below a recent trace where the MSISDN is not being added anymore:
I see they also removed some unnecessary headers (more on this in a future post)
The Full Disclosure Mailing List and twitter managed to caught their attention.
Another example that responsible disclosure is not always enough.
Testing Security Keys
4 months ago