Re: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460

[dennis.brunnen () gmail com]

As is probably obvious to other readers, I did indeed notify NNT by email of the vulnerability before making it public 
- as mentioned in my initial disclosue. I'm not sure what possible reason anyone would have to say that if it were not 
true.

Glad to see you apparently did the right thing and eventually fixed it though.