Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Security Contact for Lyris

from [H D Moore] Network Security [Permanent Link]
Subject: Security Contact for Lyris
Date: Tue, 21 Jun 2005 13:17:08 -0500 
I am trying to reach the security contact at Lyris (www.lyris.com).  I 
sent an email to every address listed on the web site and keep getting 
blown off by the operator when I call[1]. The OSVDB Vendor Dictionary has 
no contact information listed for Lyris. There are a number of serious, 
remotely-exploitable issues in the ListManager product...

-HD

1. On the first call, I asked for product development or someone in the 
security department. The operator asked me why I was calling, I explained 
that I was trying to report a security vulnerability. Shes asks if I want 
sales, I try to explain again why I am calling. I was transferred in 
mid-sentence to a voicemail box with no name. I called back again, this 
time using their voice menu to transfer to sales. The same operator picks 
up the call and I try to explain the situation again. I ask for sales, 
she won't forward me because I "don't want to purchase the product". I 
ask for customer support, she won't forward me because I am not a current 
customer. I explain again that I am trying to do them a favor and that I 
really need to contact someone in the product development or security 
departments. The call ends.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: osCommere HTTP Response Splitting (Solution), Harry Metcalfe
Next by Date:  MercuryBoard 1.1.4 SQL Injection, 4yka
Previous by Thread:  [Full-disclosure] [USN-142-1] sudo vulnerability, Martin Pitt
Next by Thread:  Re: Security Contact for Lyris, H D Moore
Indexes:  [Date] [Thread] [Top] [All Lists]