Open Source and information security mailing list archives
 
Message-ID: <B3BCAF4246A8A84983A80DAB50FE724214B175@secnap2.secnap.com>
Date: Tue, 10 Aug 2004 10:36:09 -0400
From: "Michael Scheidell" <scheidell@...nap.net>
To: "Discini, Sonny" <Sonny.Discini@...tgomerycountymd.gov>,
   "Jedi/Sector One" <j@...eftpd.org>
Cc: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: RE: Anyone know IBM's security address?


5 days of no response should be enough....


-----Original Message-----
From: Discini, Sonny [mailto:Sonny.Discini@...tgomerycountymd.gov]
Sent: Tuesday, August 10, 2004 10:14 AM
To: Jedi/Sector One; Michael Scheidell
Cc: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
Subject: RE: Anyone know IBM's security address?


I am currently having the same experience with IBM. Our team has
discovered a crippling vulnerability (in a product in the Tivoli suite)
and for months our IBM contacts have tried passing the buck if they
respond at all. We plan on disclosing the vulnerability before long but
we want to be sure that we run through the normal process before
releasing the information to bugtraq.

Sonny Discini
Senior Network Security Engineer





-----Original Message-----
From: Jedi/Sector One [mailto:j@...eftpd.org] 
Sent: Friday, August 06, 2004 5:42 PM
To: Michael Scheidell
Cc: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
Subject: Re: Anyone know IBM's security address?


On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
> Have a vulnerability in an IBM product.
> sent alert to security@....com secure@....com and cert@....com, all
> three bounced. Can anyone tell me the official address or procedure to
> notify IBM?

  For AIX-related flaws, the contact is security-alert@...tin.ibm.com
  
  For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.

  Online forms told me to call a number that is unreachable outside USA.
  
  The AIX security officer told me he would find the right contact but I
never got anything else since.

-- 
 __  /*-    Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com>    -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

