lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon Apr 11 12:47:58 2005
From: contact_jamie_fisher at yahoo.co.uk (jamie fisher)
Subject: How to Report a Securiyt Vulnerability to
	Microsoft

Hi...  For what it is worth I wanted to wade into this discussion pool.  Recently I found a BO at rad.msn.com and published it to Full Disclosure but not without first contacting Microsoft with my findings.  As it transpires I had sent my findings to the wrong email address.  To cut an uninteresting story short, through an itterative process Microsoft and I worked together (no money involved - and I shouldn't think so either) to understand and resolve the issue.  Suprisingly I found the people at Microsoft very friendly; the sort of people I'd probably have a pint with at the pub on the weekend.
 
Personally I'm vendor OS agnostic, i.e., I dont give a rats arse as to whether you're alligned with Linux, IBM, VMS, Microsoft or Mr Crappy's OS.  As a security consultant, and with politics out of the way my only interest is whether the OS or product can be secured well.  In terms of my experience in finding security vulns and flaws in code I'm quite green, but I do know that it is essential for me to foster a good working relationship with vendors if I am to be anything other than a 'here is my big whoopie security vuln: fUx to M$' type of security consultant.
 
Perhaps Microsoft genuinely thought it about time another anouncement was sent to FD to keep the education process from stalling.  Personally I think they're doing a stellar job!

Send instant messages to your online friends http://uk.messenger.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050411/2ebed6da/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ