[Full-disclosure] How to Report a Security Vulnerability toMicrosoft
Ag. System Administrator
sysadmin at agent.co.il
Mon Apr 11 16:35:44 BST 2005
Airey, John wrote:
>>-----Original Message-----
>>From: full-disclosure-bounces at lists.grok.org.uk
>>[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf
>>Of Microsoft Security Response Center
>>Sent: 08 April 2005 20:21
>>To: bugtraq at securityfocus.com;
>>ntbugtraq at listserv.ntbugtraq.com; full-disclosure at lists.grok.org.uk
>>Subject: [Full-disclosure] How to Report a Security
>>Vulnerability toMicrosoft
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Hello!
>>
>>The Microsoft Security Response Center investigates all
>>reports of security vulnerabilities sent to us that affect
>>Microsoft products.
>>If you believe you have found a security vulnerability
>>affecting a Microsoft product, we would like to work with you
>>to investigate it.
>>
>>We are concerned that people might not know the best way to
>>report security vulnerabilities to Microsoft. You can contact
>>the Microsoft Security Response Center to report a
>>vulnerability by emailing secure at microsoft.com directly, or
>>you can submit your report via our web-based vulnerability
>>reporting form located at:
>>https://www.microsoft.com/technet/security/bulletin/alertus.aspx.
>>
>>Sincerely,
>>Microsoft Security Response Center
>
> [snip]
>
> Unless there's something wrong at my end (I hope not), this message
> doesn't appear to have been signed with the key at
> http://www.microsoft.com/technet/Security/bulletin/pgp.mspx.
>
> Am I right or not?
>
not.
Key Id: 0xAA55BC66 / Signed on: 04/08/2005 10:17 PM
It's them...
Have fun,
Dan
Full-Disclosure is hosted and sponsored by Secunia.