Full Disclosure mailing list archives

RE: Anyone know IBM's security address?

From: "Michael Scheidell" <scheidell () secnap net>
Date: Tue, 10 Aug 2004 10:36:09 -0400

5 days of no response should be enough....

-----Original Message-----
From: Discini, Sonny [mailto:Sonny.Discini () montgomerycountymd gov]
Sent: Tuesday, August 10, 2004 10:14 AM
To: Jedi/Sector One; Michael Scheidell
Cc: full-disclosure () lists netsys com; bugtraq () securityfocus com
Subject: RE: Anyone know IBM's security address?

I am currently having the same experience with IBM. Our team has
discovered a crippling vulnerability (in a product in the Tivoli suite)
and for months our IBM contacts have tried passing the buck if they
respond at all. We plan on disclosing the vulnerability before long but
we want to be sure that we run through the normal process before
releasing the information to bugtraq.

Sonny Discini
Senior Network Security Engineer

-----Original Message-----
From: Jedi/Sector One [mailto:j () pureftpd org] 
Sent: Friday, August 06, 2004 5:42 PM
To: Michael Scheidell
Cc: full-disclosure () lists netsys com; bugtraq () securityfocus com
Subject: Re: Anyone know IBM's security address?

On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:

Have a vulnerability in an IBM product.
sent alert to security () ibm com secure () ibm com and cert () ibm com, all 
three bounced. Can anyone tell me the official address or procedure to

notify IBM?


  For AIX-releated flaws, the contact is security-alert () austin ibm com
  
  For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.

  Online forms told me to call a number that is unreachable outside USA.
  
  The AIX security officer told me he would find the right contact but I
never got anything else since.

-- 
 __  /*-    Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com>    -*\
__
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>
\' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>
\/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Anyone know IBM's security address? Michael Scheidell (Aug 06)
- Re: Anyone know IBM's security address? Jedi/Sector One (Aug 06)
  - Re: Re: Anyone know IBM's security address? Thomas Loch (Aug 06)
    - Re: Re: Anyone know IBM's security address? Jean-Marie Monnier (Aug 07)
  - Re: Re: Anyone know IBM's security address? jmpascual (Aug 06)
  - Re: Re: Anyone know IBM's security address? Oliver () greyhat de (Aug 07)
- Re: Anyone know IBM's security address? troy (Aug 06)
- <Possible follow-ups>
- RE: Anyone know IBM's security address? Michael Scheidell (Aug 10)
- RE: Anyone know IBM's security address? Discini, Sonny (Aug 10)