[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] CCBILL.COM Internet billing service multiple vulnerabilities
- To: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] CCBILL.COM Internet billing service multiple vulnerabilities
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Tue, 17 Aug 2010 16:48:43 -0400
On Tue, Aug 17, 2010 at 11:53 AM, Michael Holstein
<michael.holstein@xxxxxxxxxxx> wrote:
>
>> "It is very easy to reach our Information Security team at
>> security@xxxxxxxxxx <mailto:security@xxxxxxxxxx>."
>>
>> Please show at least 1 page where this e-mail is written !
>
> http://www.faqs.org/rfcs/rfc2142.html
>
> (but I see your point .. Microsoft --for example-- refuses to read email
> sent to such addresses and requires you answer a convoluted webform to
> do most anything).
>From what I have read in the past, Microsoft's security team responds
to secure@xxxxxxxxxxxxxx Howard and Lipner state such in The Security
Development Lifecycle, p. 30; and the MSRC webpage states it responds
to over 100,000 emails to the address annually
(http://www.microsoft.com/security/msrc/).
But I do see your point - RFC 2142 was an Internet Draft in early
1997, and the Microsoft Security Response Center was set up in 1998.
It appears the email address was never reconciled.
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/