I responded to the initial e-mail from Secunia with most of the details they requested and created some tickets so I remembered after my holiday I needed to fix stuff. Today, I received another e-mail stating that my fix was not a proper fix since hackers could still trick people in clicking a link and doing stuff... which is oh so true (sadly enough). They also informed me about a bug that's much worse.. I've already looked at my code and will fix up this hole ASAP. There's nothing like a giant security hole to fix hours before you leave on a one week holiday. Secunia stated that they wouldn't release any information on the big hole until I release public information on it. In the end, I wish the anonymous guy had just send me a quick note but I do respect Secunia's time and effort to get this resolved. I'd prefered better timing tho!
