lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <426F93CD.5020803@phreaker.net>
Date: Wed Apr 27 14:30:11 2005
From: class101 at gmail.com (class101@...eaker.net)
Subject: How to Report a Security
	Vulnerability	toMicrosoft

they have pubbed theire contact some days ago: secure@...rosoft.com

Gary O'leary-Steele a ?crit :

>Hi,
>
>Im also trying to report a vulnerability to Microsoft but the site they
>provide is broken
>
>when i fill out and send
>
>https://www.microsoft.com/technet/security/bulletin/alertus.aspx
>
>I get:
>
>We?re sorry, but we were unable to service your request. You may wish to
>choose from the links below for information about Microsoft products and
>services.
>
>
>
>
>
>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk
>[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Kevin
>Sent: 27 April 2005 00:11
>To: Microsoft Security Response Center
>Cc: full-disclosure@...ts.grok.org.uk; ntbugtraq@...tserv.ntbugtraq.com
>Subject: Re: [Full-disclosure] How to Report a Security Vulnerability
>toMicrosoft
>
>
>On a related note, today we ran into (headfirst) a bug in Internet
>Explorer with the processing of a AutoProxy scripts (Proxy Automatic
>Configuration aka "PAC", a specialized subset of javascript to make
>client-side web proxy routing decisions).
>
>Eventually I isolated the problem to a broken implementation of
>dnsDomainIs() in Internet Explorer, so I decided to do the right thing
>and report the bug to Microsoft.  This isn't a higly critical security
>flaw, so I hunted around microsoft.com and eventually found the page
>on bug reporting:  http://support.microsoft.com/gp/contactbug
>
>The page states "If you think you have found a bug in a Microsoft
>product, contact our Microsoft Product Support Services department.
>(800) MICROSOFT (642-7676)".  No email address, no web form, just a
>phone number.
>
>So I call this number, and after five minutes of sitting through IVR
>menus, I finally reach a live human.  She asks for my name and phone
>number, and as soon as I mention that I am reporting a bug in Internet
>Explorer, says she will transfer my call.
>
>At that point I get fifteen seconds of music on hold, followed by dead
>air.  That was a half hour ago.
>
>
>Kevin Kadow
>
>(P.S. Yes, this is definitely a bug in MSIE -- every other browser
>I've tried handles dnsDomainIs() correctly, the sole exception is
>MSIE).
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>******************************************************************************************************************************************************************
>NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network http://www.sec-1.com/applied_hacking_course.html
>******************************************************************************************************************************************************************
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ