01 September 2010

Orange Spain privacy misconfiguration fixed!

I'm just being informed by "Anonymous" that the issue with the headers in Orange Spain has been fixed. I copy below a recent trace where the MSISDN is not being added anymore:

accept: text/html,text/vnd.wap.wml,application/vnd.wap.html+xml,application/xhtml+xml,application/vnd.wap.xhtml+xml,text/x-wap.wml,text/x-hdml,text/vnd.sun.j2me.app-descriptor,application/java-archive,application/octet-stream,,image/png,image/gif,image/jpg,image/jpeg,*/*
accept-charset: iso-8859-1,utf-8
accept-language: en-us,en;q=0.5
user-agent: HeaderValidator/1.1
x-up-subno: {REMOVED}
Cache-Control: max-stale=0
Connection: Keep-Alive
X-BlueCoat-Via: 4A19C93B98112ACC

I see they also removed some unnecessary headers (more on this in a future post).
The Full Disclosure Mailing List and Twitter managed to catch their attention.
Another example that responsible disclosure is not always enough.
