Date: Tue,  8 Jul 2003 16:09:37 -0700
From: <keepitsecret@...h.com>
To: bugtraq@...urityfocus.com
Subject: Fwd: RE: Contact information for Microsoft Security Response Center [tf]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Very good.

All one needs to do is ask. After wading through a mountain of childish,
 almost fanatical defences of Microsoft and bitter flames for asking
the question, we have a solution from Microsoft today.

- ----- Forwarded Message from Microsoft Security Response Center <secure@...rosoft.com>
- -----
Hi,
Thank you very much for your reply.
A new auto responder has been configured at security@...rosoft.com which
will redirect you to secure@...rosoft.com as a temporary solution until
we can fully migrate "security" to the Security Response Center-- which
is actually in progress.
Traditionally, security@...rosoft.com (which is our internal fire and
life safety department) has been very good about forwarding all email
destined for us.

Thank you again for your feedback. Please let me know if you have any
additional questions or concerns.

Sincerely,
Terri

- -----Original Message-----
From: keepitsecret@...h.com [mailto:keepitsecret@...h.com]
Sent: Friday, July 04, 2003 11:31 AM
To: bugtraq@...urityfocus.com
Subject: Re: Contact information for Microsoft Security Response Center
[tf]


Why do you people insist on using such an unobvious address? Do you have
a catch-all in place?

secure@...rosoft.com is a whimsical address almost as silly as
designating
"abuse@...rosoft.com" to "badstuff@...rosoft.com".

If check where those people you heard saying they tried to contact you
tried first, you would see that the first and most logical address would
be security@...rosoft.com

I really do hope you have that address monitored as well, because as
long as you are in existence, people will not learn what the correct
address is and where to burrow down on your site to make submissions.

Can you confirm that this address security@...rosoft.com is being
monitored
as well.

/.../.../.../.../.../.../.../.../.../.../.../


Microsoft Security Response Center:

Periodically we hear people say they tried to contact Microsoft about
a product or service vulnerability and that Microsoft didn't respond.
 We are concerned that people may not know how to report security
vulnerabilities to Microsoft.

The Microsoft Security Response Center investigates all reports of
security vulnerabilities affecting Microsoft products. If you believe
you have found a security vulnerability affecting a Microsoft
product, we'd like to work with you to investigate it.

You can contact the Microsoft Security Response Center by emailing
secure@...rosoft.com directly, or you can submit your report via our
web-based vulnerability reporting form located at
https://www.microsoft.com/technet/treeview/default.asp?url=/technet/se
curity/bulletin/alertus.asp.

Sincerely,
Microsoft Security Response Center

/.../.../.../.../.../.../.../.../.../.../.../



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:

https://www.hushmail.com/about.php?subloc=affiliate&l=427

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj8LTjcACgkQvWk44C4omKXtMQCfQ7VZLhmBFKCAn4mJGfLx42MW6i0A
oJd6G8vz7ZURzArZq4mq6xIWvYjs
=CARn
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists