----- Original Message ----- From: <keepitsecret@hush.com> To: <bugtraq@securityfocus.com> Sent: Friday, July 04, 2003 7:31 PM Subject: Re: Contact information for Microsoft Security Response Center [tf] > > Why do you people insist on using such an unobvious address? Do you have > a catch-all in place? By unobvious I assume you mean "can't be arsed to spend 5 seconds searching for it" ? Let's see... http://www.google.co.uk/search?q=microsoft+security+contact&ie=UTF-8&oe=UTF-8&hl=en&meta= First hit : http://www.microsoft.com/technet/security/contact.asp Simple drop-down menu and then the web form. Damn, that was a pain... > If check where those people you heard saying they tried to contact you > tried first, you would see that the first and most logical address would > be security@microsoft.com Righto... http://www.google.co.uk/search?hl=en&ie=UTF-8&oe=UTF-8&q=security@microsoft.com&meta= First hit : http://www.securityfocus.com/news/545 And there's an SF article about Microsoft wishing to move security notifications from email (secure@microsoft.com as mentioned in that very article) to the web-based form so cunningly previously enumerated. Both methods are thus obtained in less time than it took to write this email. Some vendors are a damn site harder to track down, let alone them ignoring you unless you have a support contract - you might want to pick a better example of this ? Mind you, I have to type with a blunt crayon held between my teeth as along with the straight-jackets, no sharp objects are allowed here ;-) Cheers.
