[18631] in bugtraq
Re: Trend Micro's VirusWall: Multiple vunerabilities (fwd)
daemon@ATHENA.MIT.EDU (Joey Maier)
Tue Jan 16 11:49:16 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.BSO.4.21.0101151544340.19766-100000@www.slothnet.com>
Date: Mon, 15 Jan 2001 15:53:20 +0000
Reply-To: Joey Maier <maierj@HOME.COM>
From: Joey Maier <maierj@HOME.COM>
X-To: Hank Leininger <hlein@progressive-comp.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <10101151520230.15691-100000@interpage.progressive-comp.com>
On Mon, 15 Jan 2001, Hank Leininger wrote:
>Hm. Joey's advisory listed a number of @trendmicro.com addresses he had
>sent notifications to. He did not mention that the most obviously
>appropriate of those had bounced :(
>
>Hank Leininger <hlein@progressive-comp.com>
Hey Hank, (...and other folks)
The address that currently works for TrendMicro is
support@trendmicro.com. For the fastest response, include the
Case ID # in the subject line. For this issue, that's [TDSC237EA95D].
Sorry I didn't mention which addresses bounced and which did not.
I was following the recommendations in RFPolicyV2, which states:
=======================================================================
http://www.wiretrip.net/rfp/policy.html
=======================================================================
Should the ORIGINATOR not be able to locate a suitable email address
for the MAINTAINER, the ORIGINATOR should address the ISSUE to:
security-alert@[MAINTAINER]
secure@[MAINTAINER]
security@[MAINTAINER]
support@[MAINTAINER]
info@[MAINTAINER]
regardless of their existence. Anyone who could be deemed as a
'MAINTAINER' is encouraged to populate at least some of the above
email addresses.
=======================================================================
I agree that TrendMicro ought to establish a security@trendmicro.com
account and route that to someone other than their general support
staff.
Joey
--
"When you understand UNIX, you will understand the world.
When you understand NT....you will understand NT" - Richard Thieme
http://www.slothnet.com - is currently unavailable :(
