lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2007 14:09:55 +0000 From: "Nick Boyce" <nick.boyce@...il.com> To: Bugtraq <bugtraq@...urityfocus.com> Subject: Re: SAP Security Contact On 1/7/07, Nicob <nicob@...ob.net> wrote: > security@...ain.tld is the only standardized security contact (as > defined by RFC 2142) While nobody could argue with that, I've lost count of the number of banks and similar organisations to which I've tried to report phishing scams via their "security@" alias, only to get a bounce saying no such address. And in at least one case (org name escapes me now) the "security@" alias turned out to be a *physical* security department, populated by large gentlemen with peaked caps and bulging armpits ... so you can't rely on "security@". Nick Boyce -- I speak to all bloggers everywhere: just shut up for a second and let me think, will you? -- blog comment at http://it-gears.blogspot.com/ :-)
Powered by blists - more mailing lists