lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 10 Jan 2007 15:56:02 -0800
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <>
To: Nick Boyce <>
Cc: Bugtraq <>
Subject: Re: SAP Security Contact goes to the police/traffic department at a 
certain northwest USA software company. is the proper alias for security bugs.


Nick Boyce wrote:
> On 1/7/07, Nicob <> wrote:
>> security@...ain.tld is the only standardized security contact (as
>> defined by RFC 2142)
> While nobody could argue with that, I've lost count of the number of
> banks and similar organisations to which I've tried to report phishing
> scams via their "security@" alias, only to get a bounce saying no such
> address.
> And in at least one case (org name escapes me now) the "security@"
> alias turned out to be a *physical* security department, populated by
> large gentlemen with peaked caps and bulging armpits ... so you can't
> rely on "security@".
> Nick Boyce

Letting your vendors set your risk analysis these days?

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...

Powered by blists - more mailing lists