----- Original Message -----
From: <keepitsecret (at) hush (dot) com [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Friday, July 04, 2003 7:31 PM
Subject: Re: Contact information for Microsoft Security Response Center [tf]

>
> Why do you people insist on using such an unobvious address? Do you have
> a catch-all in place?

By unobvious I assume you mean "can't be arsed to spend 5 seconds searching
for it" ?
Let's see...
http://www.google.co.uk/search?q=microsoft+security+contact&ie=UTF-8&oe=
UTF-8&hl=en&meta=

First hit :

http://www.microsoft.com/technet/security/contact.asp

Simple drop-down menu and then the web form. Damn, that was a pain...

> If check where those people you heard saying they tried to contact you
> tried first, you would see that the first and most logical address would
> be security (at) microsoft (dot) com [email concealed]

Righto...

http://www.google.co.uk/search?hl=en&ie=UTF-8&oe=UTF-8&q=security@micros
oft.com&meta=

First hit :

http://www.securityfocus.com/news/545

And there's an SF article about Microsoft wishing to move security
notifications from email (secure (at) microsoft (dot) com [email concealed] as mentioned in that very
article) to the web-based form so cunningly previously enumerated. Both
methods are thus obtained in less time than it took to write this email.
Some vendors are a damn site harder to track down, let alone them ignoring
you unless you have a support contract - you might want to pick a better
example of this ? Mind you, I have to type with a blunt crayon held
between my teeth as along with the straight-jackets, no sharp objects are
allowed here ;-)

Cheers.

[ reply ]