I am currently having the same experience with IBM. Our team has
discovered a crippling vulnerability (in a product in the Tivoli suite)
and for months our IBM contacts have tried passing the buck if they
respond at all. We plan on disclosing the vulnerability before long but
we want to be sure
5 days of no response should be enough
-Original Message-
From: Discini, Sonny [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 10, 2004 10:14 AM
To: Jedi/Sector One; Michael Scheidell
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Anyone know IBM's security address?
I am
* Aaron Gray:
It turns out I was going about the process of vulnerability
notification all wrong. I should have gone to the United States
Computer Emergency Readiness Team to report them.
The US-CERT home page provides an email address [EMAIL PROTECTED] for
reporting vulnerabilities. If you
There's no new vulnerability other than the one in the original thread. I
was suggesting CERT maybe the place to take this to.
Jason do read the post in context please before sending it to somewhere out
of context, ie CERT
.
Aaron
___
Full-Disclosure
send it to [EMAIL PROTECTED]
They will forward your mail to the responsible people!
I did it the same way, and had a response within some hours!
/oliver
Jedi/Sector One wrote:
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
Have a vulnerability in an IBM product.
sent alert
Try
: IBM antivirus CERT[EMAIL PROTECTED]
jm
Thomas Loch a écrit:
Post all unhead reports PUBLICALLY (e.g here)! When everyone has head
everything, someone will do something
On Friday 06 August 2004 23:42, Jedi/Sector One wrote:
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell
The following from an artical :-
http://www.newsforge.com/article.pl?sid=04/08/05/1236234
It turns out I was going about the process of vulnerability notification all
wrong. I should have gone to the United States Computer Emergency Readiness
Team to report them.
The US-CERT home page
Aaron Gray wrote:
It turns out I was going about the process of vulnerability notification
all wrong. I should have gone to the United States Computer Emergency
Readiness Team to report them.
The US-CERT home page provides an email address [EMAIL PROTECTED] for
Aaron,
So you've found yet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
it is wonderous that the jason coombs and his brother joins the pivx
solutiuons with the promoise of the shares if they continue to use their
names to make it loud about this sharlatin company...we must conclude
the science org not making funds in
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
it is wonderous that the jason coombs and his brother joins the pivx
solutiuons with the promoise of the shares if they continue to use their
names to make it loud about this sharlatin company...we must conclude
the science org
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
Have a vulnerability in an IBM product.
sent alert to [EMAIL PROTECTED] [EMAIL PROTECTED] and [EMAIL PROTECTED], all three
bounced.
Can anyone tell me the official address or procedure to notify IBM?
For AIX-releated flaws,
Post all unhead reports PUBLICALLY (e.g here)! When everyone has head
everything, someone will do something
On Friday 06 August 2004 23:42, Jedi/Sector One wrote:
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
Have a vulnerability in an IBM product.
sent alert to
what kind of products? informix? db2?
BEst regards
On Fri, 6 Aug 2004, Jedi/Sector One wrote:
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
Have a vulnerability in an IBM product.
sent alert to [EMAIL PROTECTED] [EMAIL PROTECTED] and [EMAIL PROTECTED], all three
Quoting Michael Scheidell ([EMAIL PROTECTED]):
sent alert to [EMAIL PROTECTED] [EMAIL PROTECTED] and [EMAIL PROTECTED], all
three bounced. Can anyone tell me the official address or procedure
to notify IBM?
Try [EMAIL PROTECTED]
--
Troy Bollinger [EMAIL PROTECTED]
Network Security Analyst
14 matches
Mail list logo