Plimus

Authentication tokens …

Here is another blog about Plimus. It seems like they don’t want to communicate or fix security issues instead they continue building new features. It’s a shame that a company that handles money as a primary business doesn’t have security as a top priority. This blogpost is about a …

Howto crack plimus …

It’s been a while since I have reported a few security bugs to Plimus. It took a few blogposts explaining the issues publicly before I got in contact with an engineer. I understand that making backwards incompatible changes to your customer facing API’s is not a trivial task, however the …

Plimus is working on …

This morning I got a phone call from a phone number in Isreal. It was Tal, an engineer from Plimus. Tal wanted to know about the issues I had found and what solutions I had in mind. Tal also explained their plans for fixing all issues and all the issues that are involved with changing their API. …

Plimus vulnerability: …

It’s been a while since my last post about Plimus. I have contacted Plimus multiple times since and still haven’t got any response from someone with even a basic knowledge of security. They did however visit my blog and that gave me enough information to figure out that their customer …

Plimus vulnerability: …

In my last blogpost about Plimus I talked about the lack of SSL based security. At some point in time Plimus must have realized this and started looking for a solution. Of course, Plimus is a serious business and can’t afford to break backwards compatibility for their customers and so devised …

Plimus vulnerability: …

Plimus Inc. is a company that handles online payments for websites. The websites don’t have to deal with all kinds of credit card companies and banks. Just create a account at Plimus and let them handle all your payments. This means Plimus has access to sensitive customer information and they …

Plimus security flaws

After a few weeks of frustrating email exchange with the Plimus security people I have decided to write this blogpost to warn existing and potential customers of Plimus. The apparent lack of technical knowledge on the side of Plimus and my previous experience in their response to bug reports has …