| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2007 15:56:02 -0800 From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net> To: Nick Boyce <nick.boyce@...il.com> Cc: Bugtraq <bugtraq@...urityfocus.com> Subject: Re: SAP Security Contact Security@...rosoft.com goes to the police/traffic department at a certain northwest USA software company. Secure@...rosoft.com is the proper alias for security bugs. :-) Nick Boyce wrote: > On 1/7/07, Nicob <nicob@...ob.net> wrote: > >> security@...ain.tld is the only standardized security contact (as >> defined by RFC 2142) > > While nobody could argue with that, I've lost count of the number of > banks and similar organisations to which I've tried to report phishing > scams via their "security@" alias, only to get a bounce saying no such > address. > > And in at least one case (org name escapes me now) the "security@" > alias turned out to be a *physical* security department, populated by > large gentlemen with peaked caps and bulging armpits ... so you can't > rely on "security@". > > Nick Boyce -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs
Powered by blists - more mailing lists