lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH8yC8mezjtKa2b-iTsmTz5=SzfiPyjzmf2mLXnG2Yi_ZZfunQ@mail.gmail.com>
Date: Mon, 22 Apr 2013 14:51:03 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Jann Horn <jann@...jh.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: How do I contact Vodafone Security?

On Mon, Apr 22, 2013 at 9:10 AM, Jann Horn <jann@...jh.net> wrote:
> does anyone know how I can contact Vodafone Security (preferably a
> Germany-specific group because I have no idea whether the issue
> affects people in other countries, too)?
>
> I sent a mail to security@...afone.de and it didn't bounce (in case
> someone from Vodafone is reading this...
I usually use both secure@...mple.com and security@...mple.com. One is
specified in an RFC (see below), the other was popularized by
Microsoft around the same time the RFC was being assembled.

There are few other addresses published in RFC2142
(http://www.ietf.org/rfc/rfc2142.txt). I usually try them too for good
measure.

You also have the Technical and Administrative contacts from the WHOIS
database (http://whois.domaintools.com/vodafone.de).

> Well, I tried phoning them first (01721212), but the helpdesk person told
> me she'd need my password for that (of which I currently don't know
> where exactly it is).
That sounds like Dell and their call routing system (Dell did the same
to me a few years ago when trying to report some issues). Are they
using the same outsourcing firm???

I think the extra effort to contact the company through well known
email addresses and WHOIS contact is a courtesy and due diligence, so
good job on that. But face it - if Vodafone were going to acknowledge
or respond, it would have happened by now. So you get the 0-day effect
with a free conscious.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ