lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5805AB34A4@isabella.herefordshire.gov.uk>
Date: Wed Apr 27 14:28:51 2005
From: prandal at herefordshire.gov.uk (Randal, Phil)
Subject: How to Report a Security Vulnerability toMi
	crosoft

See http://www.mckeay.net/secure/archives/000422.html

An email to secure@...rosoft.com should do the trick.

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Gary O'leary-Steele
> Sent: 27 April 2005 14:16
> To: full-disclosure@...ts.grok.org.uk
> Subject: RE: [Full-disclosure] How to Report a Security 
> Vulnerability toMicrosoft
> 
> Hi,
> 
> Im also trying to report a vulnerability to Microsoft but the 
> site they provide is broken
> 
> when i fill out and send
> 
> https://www.microsoft.com/technet/security/bulletin/alertus.aspx
> 
> I get:
> 
> We're sorry, but we were unable to service your request. You 
> may wish to choose from the links below for information about 
> Microsoft products and services.
> 
> 
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Kevin
> Sent: 27 April 2005 00:11
> To: Microsoft Security Response Center
> Cc: full-disclosure@...ts.grok.org.uk; 
> ntbugtraq@...tserv.ntbugtraq.com
> Subject: Re: [Full-disclosure] How to Report a Security 
> Vulnerability toMicrosoft
> 
> 
> On a related note, today we ran into (headfirst) a bug in 
> Internet Explorer with the processing of a AutoProxy scripts 
> (Proxy Automatic Configuration aka "PAC", a specialized 
> subset of javascript to make client-side web proxy routing decisions).
> 
> Eventually I isolated the problem to a broken implementation of
> dnsDomainIs() in Internet Explorer, so I decided to do the 
> right thing and report the bug to Microsoft.  This isn't a 
> higly critical security flaw, so I hunted around 
> microsoft.com and eventually found the page on bug reporting: 
>  http://support.microsoft.com/gp/contactbug
> 
> The page states "If you think you have found a bug in a 
> Microsoft product, contact our Microsoft Product Support 
> Services department.
> (800) MICROSOFT (642-7676)".  No email address, no web form, 
> just a phone number.
> 
> So I call this number, and after five minutes of sitting 
> through IVR menus, I finally reach a live human.  She asks 
> for my name and phone number, and as soon as I mention that I 
> am reporting a bug in Internet Explorer, says she will 
> transfer my call.
> 
> At that point I get fifteen seconds of music on hold, 
> followed by dead air.  That was a half hour ago.
> 
> 
> Kevin Kadow
> 
> (P.S. Yes, this is definitely a bug in MSIE -- every other 
> browser I've tried handles dnsDomainIs() correctly, the sole 
> exception is MSIE).
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> 
> **************************************************************
> **************************************************************
> **************************************
> NEW: Sec-1 Hacking Training - Learn to breach network 
> security to further your knowledge and protect your network 
> http://www.sec-1.com/applied_hacking_course.html
> **************************************************************
> **************************************************************
> **************************************
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ