lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87k72cqv6d.fsf@canaima.chapus.net>
Date: Tue, 24 Feb 2004 11:49:46 -0500
From: peloy@...pus.net (Eloy A. Paris)
To: bugtraq@...urityfocus.com
Subject: Re: Bank of America Contact


Jon,

This is a message directed more to your company's incident response team
that to you, but I don't know how to reach them. I hope they follow
Bugtraq, or that you forward the message.

Jon W <jonw@...co.com> writes:

> I work at Bank of America. I asked our incident-response team, and
> they would like the BUGTRAQ community to know that
> abuse@...kofamerica.com is monitored for reports by real security
> admins.
>
> So that would be the main point of contact for reports.

Let's say that you didn't happen to be monitoring Bugtraq. How does
someone not associated with your company find the right point of contact
information for reporting security problems to your company?

I quickly searched BoA's web site and couldn't find anything that
pointed to the e-mail address you mention. I found information on how to
report a lost or stolen ATM, check, and credit cards, how to handle
identity theft, but nothing on how to report, for example, a
vulnerability in a BoA web application. Please correct me if I missed
the obvious.

In other words, it seems fairly easy for a customer to find information
on how to report fraud, but it is not easy for a security researcher (or
even a regular customer) to find information on how to report
vulnerabilities in the company's infrastructure.

This type of information should be provided in a very prominent place at
the company's website.

Cheers,

Eloy.-


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ