[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BE95468933894D4D966D724C295E15A202371A28@mcg-ex05.mcgov.org>
Date: Tue, 10 Aug 2004 10:13:35 -0400
From: "Discini, Sonny" <Sonny.Discini@...tgomerycountymd.gov>
To: "Jedi/Sector One" <j@...eftpd.org>,
"Michael Scheidell" <scheidell@...nap.net>
Cc: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: RE: Anyone know IBM's security address?
I am currently having the same experience with IBM. Our team has
discovered a crippling vulnerability (in a product in the Tivoli suite)
and for months our IBM contacts have tried passing the buck if they
respond at all. We plan on disclosing the vulnerability before long but
we want to be sure that we run through the normal process before
releasing the information to bugtraq.
Sonny Discini
Senior Network Security Engineer
-----Original Message-----
From: Jedi/Sector One [mailto:j@...eftpd.org]
Sent: Friday, August 06, 2004 5:42 PM
To: Michael Scheidell
Cc: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
Subject: Re: Anyone know IBM's security address?
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
> Have a vulnerability in an IBM product.
> sent alert to security@....com secure@....com and cert@....com, all
> three bounced. Can anyone tell me the official address or procedure to
> notify IBM?
For AIX-releated flaws, the contact is security-alert@...tin.ibm.com
For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.
Online forms told me to call a number that is unreachable outside USA.
The AIX security officer told me he would find the right contact but I
never got anything else since.
--
__ /*- Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com> -*\
__
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>
\' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>
\/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists