[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Security contact @ Gigabyte

To: Gustavo Sorondo <gs@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [FD] Security contact @ Gigabyte
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Mon, 14 Mar 2016 17:55:04 -0400

On Wed, Mar 9, 2016 at 4:15 PM, Gustavo Sorondo <gs@xxxxxxxxxxxxxxxxxxxx> wrote:
> Hi list,
>
> I'd like to know if anyone here know someone working on security at
> Gigabyte (http://www.gigabyte.com/), since we are trying to responsibly
> report a high risk security flaw we found.
>
> We opened a ticket asking to be contacted by their security team, and the
> answer we got was:
>
> "Thanks for your interest, but we already have a security team for our
> websites. Regards, GIGABYTE" (sigh)
>
> So, if any of you knows someone in there, please let us know.
>

According to RFC 2142 (http://www.ietf.org/rfc/rfc2142.txt), MAILBOX
NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS, you should be able to
use:

   secure@xxxxxxxxxxxx
   security@xxxxxxxxxxxx

I also rummage the WHOIS data and use the Administrative and Technical contacts:

   $ whois gigabyte.com | grep '@'
   Registrant Email: domains@xxxxxxxxxxxx
   Admin Email: domains@xxxxxxxxxxxx
   Tech Email: domains@xxxxxxxxxxxx
   Registrar Abuse Contact Email: abuse@xxxxxxxxxxxx

WHOIS data must be correct. Its an ICANN contractual obligation.

Jeff

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Security contact @ Gigabyte
  - From: Gustavo Sorondo

Prev by Date: [FD] Latest Tegile security updates include tomcat examples package containing many security flaws.
Next by Date: Re: [FD] Security contact @ Gigabyte
Previous by thread: Re: [FD] Security contact @ Gigabyte
Next by thread: [FD] Open Vulnerablity ID tracker instead of CVE. Maybe
Index(es):
- Date
- Thread