http://www.xipiter.com/musings/a-confederacy-of-privacy-dunces-what-we-found... ''' ... Vendor contacts Xipiter directly, acknowledges some (but not all) severity of Xipiter's vulnerabilities and offers Xipiter "reward" (which undoubtedly would come with non-disclosure conditions) ... Xipiter, fed up with how long things were taking for the article, just posts everything here. We found many more vulns like this in other apps (and Senrio has many alerts in the queue for us to investigate) and we want to get to them all, but we have to get back to our actual work.. '''