RE: [Full-disclosure] How to Report a Security Vulnerability toMicrosoft

From: Airey, John (John.Airey_at_rnib.org.uk)
Date: 04/11/05

  • Next message: Clemens Gotthard: "Re: [Full-disclosure] Microsoft Jet (msjet40.dll) Exploit" 
    Date: Mon, 11 Apr 2005 16:43:21 +0100
To: <full-disclosure@lists.grok.org.uk>

    > -----Original Message-----
    > From: Ag. System Administrator [mailto:sysadmin@agent.co.il]
    > Sent: 11 April 2005 16:36
    > To: Airey, John
    > Cc: Full-Disclosure
    > Subject: Re: [Full-disclosure] How to Report a Security
    > Vulnerability toMicrosoft
    >
    >
    >
    > Airey, John wrote:
    > >>-----Original Message-----
    > >>From: full-disclosure-bounces@lists.grok.org.uk
    > >>[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of
    > >>Microsoft Security Response Center
    > >>Sent: 08 April 2005 20:21
    > >>To: bugtraq@securityfocus.com;
    > >>ntbugtraq@listserv.ntbugtraq.com; full-disclosure@lists.grok.org.uk
    > >>Subject: [Full-disclosure] How to Report a Security Vulnerability
    > >>toMicrosoft
    > >>
    > >>-----BEGIN PGP SIGNED MESSAGE-----
    > >>Hash: SHA1
    > >>
    > >>Hello!
    > >>
    > >>The Microsoft Security Response Center investigates all reports of
    > >>security vulnerabilities sent to us that affect Microsoft products.
    > >>If you believe you have found a security vulnerability affecting a
    > >>Microsoft product, we would like to work with you to investigate it.
    > >>
    > >>We are concerned that people might not know the best way to report
    > >>security vulnerabilities to Microsoft. You can contact the
    > Microsoft
    > >>Security Response Center to report a vulnerability by emailing
    > >>secure@microsoft.com directly, or you can submit your
    > report via our
    > >>web-based vulnerability reporting form located at:
    > >>https://www.microsoft.com/technet/security/bulletin/alertus.aspx.
    > >>
    > >>Sincerely,
    > >>Microsoft Security Response Center
    > >
    > > [snip]
    > >
    > > Unless there's something wrong at my end (I hope not), this message
    > > doesn't appear to have been signed with the key at
    > > http://www.microsoft.com/technet/Security/bulletin/pgp.mspx.
    > >
    > > Am I right or not?
    > >
    > not.
    >
    > Key Id: 0xAA55BC66 / Signed on: 04/08/2005 10:17 PM
    >
    > It's them...

    That's the key id on the web page, but the key id of the key on that
    page says 0x0B2E5E2D. It has fingerprint E561 2A79 6439 13E4 430B 92F0
    2732 52F1 and never expires.

    Can anyone else confirm this? 

    -- 
John Airey, BSc (Jt Hons), CNE, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
John.Airey@rnib.org.uk 
I'm cycling the 2005 Etape du Tour in France to raise vital funds for
RNIB, if you'd like to sponsor me, visit
http://justgiving.com/rnibetape.
"A man cannot consider himself educated unless he has read the Bible" -
Abraham Lincoln
-- 
DISCLAIMER:
NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged.  If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system.
RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants.  However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent
those of RNIB.
RNIB Registered Charity Number: 226227
Website: http://www.rnib.org.uk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
  • Next message: Clemens Gotthard: "Re: [Full-disclosure] Microsoft Jet (msjet40.dll) Exploit"

    Relevant Pages

    • RE: [Full-Disclosure] Possibly a stupid question RPC over HTTP
      ... John Airey, BSc, CNA, RHCE ... The information contained in this email and any attachments is ... RNIB endeavours to ensure that emails and any attachments generated by ...
      (Full-Disclosure)
    • RE: [Full-Disclosure] Possibly a stupid question RPC over HTTP
      ... > mathematical way to factor large primes rapidly. ... John Airey, BSc, CNA, RHCE ... The information contained in this email and any attachments is ...
      (Full-Disclosure)
    • [Full-Disclosure] Security Industry Under Scrutiny: Part One
      ... I shall make two important points, the historical basis for Full Disclosure ... I spend most of my working day on security issues, ... The information contained in this email and any attachments is ... RNIB has made strenuous efforts to ensure that emails and any ...
      (Full-Disclosure)
    • Re: Word Documents Sent as Attachements
      ... > Hi Steve, ... >> Beth and John, ... So does this explain why the test attachments you and John ... Maybe BBEdit can do this? ...
      (microsoft.public.mac.office.word)
    • RE: [Full-Disclosure] Destroying PCs remotely?
      ... The Music of Senator Orrin Hatch is at www.hatchmusic.com. ... The information contained in this email and any attachments is ... RNIB has made strenuous efforts to ensure that emails and any ... attachments generated by its staff are free from viruses. ...
      (Full-Disclosure)