Bugtraq mailing list archives
Re: SAP Security Contact
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Wed, 10 Jan 2007 15:56:02 -0800
Security () microsoft com goes to the police/traffic department at a certain northwest USA software company.
Secure () microsoft com is the proper alias for security bugs. :-) Nick Boyce wrote:
On 1/7/07, Nicob <nicob () nicob net> wrote:security () domain tld is the only standardized security contact (as defined by RFC 2142)While nobody could argue with that, I've lost count of the number of banks and similar organisations to which I've tried to report phishing scams via their "security@" alias, only to get a bounce saying no such address. And in at least one case (org name escapes me now) the "security@" alias turned out to be a *physical* security department, populated by large gentlemen with peaked caps and bulging armpits ... so you can't rely on "security@". Nick Boyce
--Letting your vendors set your risk analysis these days? http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs
Current thread:
- SAP Security Contact Mark Litchfield (Jan 04)
- <Possible follow-ups>
- Re: SAP Security Contact Fritz . Bauspiess (Jan 05)
- Re: SAP Security Contact Thor (Hammer of God) (Jan 06)
- Re: SAP Security Contact Ansgar -59cobalt- Wiechers (Jan 08)
- Re: SAP Security Contact Nicob (Jan 08)
- Re: SAP Security Contact Stan Bubrouski (Jan 09)
- Re: SAP Security Contact Nick Boyce (Jan 10)
- Re: SAP Security Contact Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Jan 11)
- Re: SAP Security Contact Thor (Hammer of God) (Jan 10)