Thursday, October 6, 2011
Zero-Day Vulnerability On American Express Website Now Closed
American Express say it shut down the webpage that left a portion of its website open for anyone to access in what's being a called a zero-day security vulnerability, the company says in statement. The security issue was first discovered by developer Niklas Femerstrand, who attempted to reach out to American Express via Twitter in the hopes of being pointed to an email address he could use to send the company further details regarding the issue. The seemingly confused Twitter rep asked him whether he was an Amex�cardholder and offered him a phone number to call, despite his objections to contacting Amex via phone, fax or physical mail. In frustration, Femerstrand published the details to his blog instead.