-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Very good. All one needs to do is ask. After wading through a mountain of childish, almost fanatical defences of Microsoft and bitter flames for asking the question, we have a solution from Microsoft today. - ----- Forwarded Message from Microsoft Security Response Center <secure@microsoft.com> - ----- Hi, Thank you very much for your reply. A new auto responder has been configured at security@microsoft.com which will redirect you to secure@microsoft.com as a temporary solution until we can fully migrate "security" to the Security Response Center-- which is actually in progress. Traditionally, security@microsoft.com (which is our internal fire and life safety department) has been very good about forwarding all email destined for us. Thank you again for your feedback. Please let me know if you have any additional questions or concerns. Sincerely, Terri - -----Original Message----- From: keepitsecret@hush.com [mailto:keepitsecret@hush.com] Sent: Friday, July 04, 2003 11:31 AM To: bugtraq@securityfocus.com Subject: Re: Contact information for Microsoft Security Response Center [tf] Why do you people insist on using such an unobvious address? Do you have a catch-all in place? secure@microsoft.com is a whimsical address almost as silly as designating "abuse@microsoft.com" to "badstuff@microsoft.com". If check where those people you heard saying they tried to contact you tried first, you would see that the first and most logical address would be security@microsoft.com I really do hope you have that address monitored as well, because as long as you are in existence, people will not learn what the correct address is and where to burrow down on your site to make submissions. Can you confirm that this address security@microsoft.com is being monitored as well. /.../.../.../.../.../.../.../.../.../.../.../ Microsoft Security Response Center: Periodically we hear people say they tried to contact Microsoft about a product or service vulnerability and that Microsoft didn't respond. We are concerned that people may not know how to report security vulnerabilities to Microsoft. The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we'd like to work with you to investigate it. You can contact the Microsoft Security Response Center by emailing secure@microsoft.com directly, or you can submit your report via our web-based vulnerability reporting form located at https://www.microsoft.com/technet/treeview/default.asp?url=/technet/se curity/bulletin/alertus.asp. Sincerely, Microsoft Security Response Center /.../.../.../.../.../.../.../.../.../.../.../ Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj8LTjcACgkQvWk44C4omKXtMQCfQ7VZLhmBFKCAn4mJGfLx42MW6i0A oJd6G8vz7ZURzArZq4mq6xIWvYjs =CARn -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
