RE: How to Report a Security Vulnerability toMicrosoft

["Airey, John" <John.Airey () rnib org uk>]

> -----Original Message-----
> From: Ag. System Administrator [mailto:sysadmin () agent co il] 
> Sent: 11 April 2005 16:36
> To: Airey, John
> Cc: Full-Disclosure
> Subject: Re: [Full-disclosure] How to Report a Security 
> Vulnerability toMicrosoft
>
>
>
> Airey, John wrote:
> > > -----Original Message-----
> > > From: full-disclosure-bounces () lists grok org uk
> > > [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
> > > Microsoft Security Response Center
> > > Sent: 08 April 2005 20:21
> > > To: bugtraq () securityfocus com;
> > > ntbugtraq () listserv ntbugtraq com; full-disclosure () lists grok org uk
> > > Subject: [Full-disclosure] How to Report a Security Vulnerability 
> > > toMicrosoft
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hello!
> > >
> > > The Microsoft Security Response Center investigates all reports of 
> > > security vulnerabilities sent to us that affect Microsoft products.
> > > If you believe you have found a security vulnerability affecting a 
> > > Microsoft product, we would like to work with you to investigate it.
> > >
> > > We are concerned that people might not know the best way to report 
> > > security vulnerabilities to Microsoft. You can contact the 
> Microsoft 
> > > Security Response Center to report a vulnerability by emailing 
> > > secure () microsoft com directly, or you can submit your 
> report via our 
> > > web-based vulnerability reporting form located at:
> > > https://www.microsoft.com/technet/security/bulletin/alertus.aspx.
> > >
> > > Sincerely,
> > > Microsoft Security Response Center
> >
> > [snip]
> >
> > Unless there's something wrong at my end (I hope not), this message 
> > doesn't appear to have been signed with the key at 
> > http://www.microsoft.com/technet/Security/bulletin/pgp.mspx.
> >
> > Am I right or not?
> not.
>
> Key Id: 0xAA55BC66 / Signed on: 04/08/2005 10:17 PM
>
> It's them...

That's the key id on the web page, but the key id of the key on that
page says 0x0B2E5E2D. It has fingerprint E561 2A79 6439 13E4  430B 92F0
2732 52F1 and never expires.

Can anyone else confirm this?

-- 
John Airey, BSc (Jt Hons), CNE, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
John.Airey () rnib org uk 

I'm cycling the 2005 Etape du Tour in France to raise vital funds for
RNIB, if you'd like to sponsor me, visit
http://justgiving.com/rnibetape.

"A man cannot consider himself educated unless he has read the Bible" -
Abraham Lincoln

-- 
DISCLAIMER:

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged.  If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system.

RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants.  However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent
those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/