Open Source and information security mailing list archives
 
Date: Tue, 9 Jan 2007 14:09:55 +0000
From: "Nick Boyce" <nick.boyce@...il.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: SAP Security Contact

On 1/7/07, Nicob <nicob@...ob.net> wrote:

> security@...ain.tld is the only standardized security contact (as
> defined by RFC 2142)

While nobody could argue with that, I've lost count of the number of
banks and similar organisations to which I've tried to report phishing
scams via their "security@" alias, only to get a bounce saying no such
address.

And in at least one case (org name escapes me now) the "security@"
alias turned out to be a *physical* security department, populated by
large gentlemen with peaked caps and bulging armpits ... so you can't
rely on "security@".

Nick Boyce
-- 
I speak to all bloggers everywhere: just shut up for a second and let
me think, will you?
 -- blog comment at http://it-gears.blogspot.com/   :-)
