useless security@ contacts

[J Edgar Hoover <zorch () totally righteous net>]

More often than not, a goodhearted attempt to provide valuable information
leads to voicemail hell.

These companies expect us to give them the results of thousands of dollars
worth of security research as a courtesy, and don't even bother to extend
the courtesy of a human reply.


Date: Mon, 18 Mar 2002 00:28:13 -0800 (PST)
From: J Edgar Hoover <zorch () totally righteous net>
To: security () uu net
Subject: leaked password


Verizon leaked a bunch of engineering docs. If you're using the superuser
passwd of ANS#150 anywhere, this would be a good time to change it.


On Mon, 18 Mar 2002, UUNET Internet Abuse Investigations wrote:

>  ** THE RETURN ADDRESSES ON THIS LETTER HAVE BEEN SET TO PREVENT MAIL **
>  ** LOOPS IN THE EVENT YOU ARE RUNNING SOFTWARE WHICH AUTO-REPLIES TO **
>  ** INBOUND MAIL.  UUNET WILL NOT SEE ANY REPLY SENT TO THIS LETTER.  **
>
> To Whom It May Concern,
>
> Your message regarding ("leaked password") has been received by UUNET's
> Internet Abuse Investigations.
>
> To help us provide you with the best possible service, please refer to
> trouble ticket number B-TSI-005251134 somewhere in all correspondence
> (or if you should call Internet Abuse Investigations) regarding this
> matter. For your convenience, we have included it in the Subject line of
> this message, and will do so in any future correspondence. If you should
> need assistance in the future on a different issue, please do not re-use
> this same ticket number.
>
> **IF THERE ARE ANY THREATS OF DANGER OR BODILY HARM, IT IS ADVISED YOU
> CONTACT YOUR LOCAL LAW ENFORCEMENT IMMEDIATELY**
>
> UUNET Internet Abuse Investigations has received your notification of a
> security incident and considers this a serious matter.
>
> The mail address security () uu net will send your complaint to our ticket
> processing system where it will be picked up by an Investigator (usually
> within two hours).
>
>  *************************************************
>  IF THE USER IS CONNECTED TO YOUR SYSTEM
>  OR IS CAUSING A DENIAL OF SERVICE ATTACK
>  *************************************************
>
> Please call UUNET at 800.900.0241 (703.206.5440), option #2, then
> option #3, then option #1 to reach our Internet Abuse Investigations
> Team, 24 hours a day, seven days a week.  Our first priority will be
> to stop the attack so you may return to normal business operations.
>
>  *****************************
>  CERTIFICATION OF TIME STAMPS:
>  *****************************
>
> To help us accurately trace the originating connection, we request
> reporting sites certify the accuracy of any timestamps provided in logs
> or headers reported by its systems.  Please indicate the timezone the
> logs are reporting or that the timezone is correct if shown in the logs.
>
>  *****************************
>  COPYRIGHT INFRINGEMENT CLAIMS
>  *****************************
>
> UUNET's Interim Designation of Agent to Receive Notification of Claimed
> Infringement can be found at:
> http://www.us.uu.net/support/usepolicy/copyright.html
>
> If you want to report a copyright violation uner the Digital Millennium
> Copyright Act, send your complaint to: copyright () uu net
>
>  ***************************
>  SUSPECTED CHILD PORNOGRAPHY
>  ***************************
>
> Also send your report to:
>       US Customs <icpicc () customs sprint com>
>       or
>       FBI Innocent Images Squad (contact local field office)
>
>  *******************
>  IRC CHAT ROOM ABUSE
>  *******************
>
> Please contact the site administrator for the IRC server you are
> connected to and register an initial complaint.
>
>  ******************************************
>  WHAT UUNET CAN DO REGARDING YOUR INCIDENT:
>  ******************************************
> If UUNET identifies that the SECURITY incident originated from a UUNET
> customer site, UUNET will take action according to the Terms of
> Service contract. If UUNET identifies the originator as a customer of
> another ISP, UUNET may forward details about the SECURITY incident to
> the respective ISP. Generally, only the ISP of the originating site
> can enforce policies concerning this SECURITY incident.
>
> If you believe a crime has been committed, please contact the FBI
> Computer Crime Unit at (202) 324-9164 or (202) FBI-3000 or your local
> authorities. Law enforcement agencies will be requested to issue a
> subpoena to UUNET for information regarding your incident.
>
> Due to the volume of complaints we receive and the time required to
> investigate them, this may be the only response you receive regarding
> this incident.
>
> To view UUNET's Acceptable Use Policy, point your browser to:
> http://www.usa.uu.net/support/usepolicy/
>
> Sincerely,
>
> Internet Abuse Investigations (800)900-0241 options 2,3,1