[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <45A57D12.7000101@pacbell.net>
Date: Wed, 10 Jan 2007 15:56:02 -0800
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
To: Nick Boyce <nick.boyce@...il.com>
Cc: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: SAP Security Contact
Security@...rosoft.com goes to the police/traffic department at a
certain northwest USA software company.
Secure@...rosoft.com is the proper alias for security bugs.
:-)
Nick Boyce wrote:
> On 1/7/07, Nicob <nicob@...ob.net> wrote:
>
>> security@...ain.tld is the only standardized security contact (as
>> defined by RFC 2142)
>
> While nobody could argue with that, I've lost count of the number of
> banks and similar organisations to which I've tried to report phishing
> scams via their "security@" alias, only to get a bounce saying no such
> address.
>
> And in at least one case (org name escapes me now) the "security@"
> alias turned out to be a *physical* security department, populated by
> large gentlemen with peaked caps and bulging armpits ... so you can't
> rely on "security@".
>
> Nick Boyce
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs
Powered by blists - more mailing lists