lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 10 Jan 2007 15:56:02 -0800
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
To: Nick Boyce <nick.boyce@...il.com>
Cc: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: SAP Security Contact

Security@...rosoft.com goes to the police/traffic department at a 
certain northwest USA software company.
Secure@...rosoft.com is the proper alias for security bugs.

:-)

Nick Boyce wrote:
> On 1/7/07, Nicob <nicob@...ob.net> wrote:
>
>> security@...ain.tld is the only standardized security contact (as
>> defined by RFC 2142)
>
> While nobody could argue with that, I've lost count of the number of
> banks and similar organisations to which I've tried to report phishing
> scams via their "security@" alias, only to get a bounce saying no such
> address.
>
> And in at least one case (org name escapes me now) the "security@"
> alias turned out to be a *physical* security department, populated by
> large gentlemen with peaked caps and bulging armpits ... so you can't
> rely on "security@".
>
> Nick Boyce

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs

Powered by blists - more mailing lists