by Archive-name: computer-security/vendor-contacts
Posting-frequency: monthly
Last-modified: 1995/5/04
Version: 2.01
Vendor Contacts FAQ
Version: 3.00 Internet Security Systems, Inc. --------------------------------------------------------------------------- http://www.iss.net/ To subscibe to the update mailing list, Alert, send an e-mail to subscribe alert --------------------------------------------------------------------------- "It [Vendor Security Contact FAQ] is the kind of thing that makes Vendor Security Contacts: Reporting Vulnerabilities and Obtaining New The following FAQ is a list of security contacts to reach at various vendors With the rising number of people and hosts gaining access to the Internet, Here are the security contacts that information is available for: * A/UX Other important security contacts included are: * CERT Contact When reporting a new security bug, try to be as specific as possible about --------------------------------------------------------------------------- A/UX Contact information for A/UX as follows: * Send security related information to the following people: --------------------------------------------------------------------------- Cray Research Contact information for Cray Research as follows: Cray Research customers should first direct questions and concerns to Customer Support Call Center (CSCC) tel. +1-612-683-5600 --------------------------------------------------------------------------- DG, Data General Corporation Contact information for DG is as follows: * Send security related information to the following person: o Kevin Peterson (peter...@dg-rtp.dg.com) Data General Corp Phone: 919-248-6011 Patches (security or nonsecurity) are distributed through our Support --------------------------------------------------------------------------- DEC, Digital Equipment Corporation Contact information for DEC is as follows: * Send security related information to the following person: Security patches are issued by Customer Support Centers. --------------------------------------------------------------------------- HP, Hewlett Packard Contact information for HP as follows: * For security concerns, questions, or problems, you can contact: Obtaining Patches: Patches and mailing lists are available through the HP SupportLine service. For a guide how to obtain patches via email send mail to --------------------------------------------------------------------------- IBM, International Business Machines Contact information for IBM as follows: * IBM support @ 1-800 237-5511 Send security related information to Nick Trio (n...@watson.ibm.com, a.k.a. There are some security patches on anonymous FTP software.watson.ibm.com in Security patches are issued through your IBM sales office. --------------------------------------------------------------------------- Novell, Inc. Contact information for Novell as follows: * Phone number: 800-4-UNIVEL Security patches are available from: * Compuserve --------------------------------------------------------------------------- Motorola Contact information for Motorola is as follows: For security concerns, questions, or problems with Motorola For security concerns, questions, or problems related to incidents * +1-708-576-1616 (for emergencies) For Motorola Computer Group: For security concerns, questions, or problems with Motorola For security concerns, questions, or problems related to incidents security-al...@mcd.mot.com For emergencies, contact the emergency number listed above. Starting in 1995, MCG has started to provide certain security --------------------------------------------------------------------------- NeXT Contact information for Next as follows: * Technical Support: ask_n...@next.com Address: 900 Chesapeake Drive --------------------------------------------------------------------------- SCO Contact information for The Santa Cruz Operation (SCO): * Send security related information to: security-al...@sco.com Security patches are issued on an as-needed basis and will be available at When submitting information about a security problem, please include output uname -X and as much detail about the problem as you can muster. --------------------------------------------------------------------------- SGI - Silicon Graphics Incoporated Contact information for SGI as follows: * Send security related information to: security-al...@sgi.com * Inside US: * Outside US/Canada: * FTP Site: --------------------------------------------------------------------------- Sun Contact information for Sun as follows: * email: security-al...@sun.com Sun Security Coordinator For reporting security vulnerabilities and problems, Sun strongly recommends Sun Security Bulletins Sun Security Bulletins are available free of charge as part of our Customer To subscribe to this bulletin series, send mail to the address Due to the volume of subscription requests Sun receives, Sun cannot Sun Security Bulletins are archived on ftp.uu.net (in the same directory as --------------------------------------------------------------------------- Other Resources --------------------------------------------------------------------------- CERT (Computer Emergency Response Team) The CERT (Computer Emergency Response Team). To report a vulnerability * E-mail: c...@cert.org Past advisories and other information related to computer security are See the Security Resources FAQ for more information on CERT and --------------------------------------------------------------------------- CIAC (Computer Incident Advisory Capability) The CIAC (Computer Incident Advisory Capability) of DoE. To report a * voice: 510-422-8193 Previous CIAC bulletins and other information is available via anonymous ftp See the Security Resources FAQ for more information on CIAC advisories and --------------------------------------------------------------------------- FIRST (Forum of Incident Response and Security Teams) FIRST (Forum of Incident Response and Security Teams). To report a * voice: 310-975-3359 --------------------------------------------------------------------------- Acknowledgements Thanks go to the following people for providing new or updated information * Dave Millar for helping provide a portion of the information. --------------------------------------------------------------------------- Copyright This paper is Copyright (c) 1994, 1995, 1996 Permission is hereby granted to give away free copies electronically. You Disclaimer The information within this paper may change without notice. Use of this Address of Author Please send suggestions, updates, and comments to: Internet Security Systems, Inc. ISS is the leader in network security tools and technology through
---------------------------------------------------------------------------
This Security FAQ is a resource provided by:
Suite 660, 41 Perimeter Center East Tel: (770) 395-0150
Atlanta, Georgia 30346 Fax: (770) 395-1972
To get the newest updates of Security files check the following services:
ftp ftp.iss.net /pub/
request-al...@iss.net and, in the text of your message (not the subject
line), write:
you look good at work when your boss decides he's joe security and
wants a patch (for like rdist - duh!) yesterday..." - Tim Scanlon,
System Analyst
Patches
for reporting security vulnerabilities and obtaining new security related
patches.
the basic integrity of the Net needs to be maintained. Many of security
incidents that happen on Internet could have been avoided by installing
security patches that are available by vendors. It is important to get the
recent patches and ensure that your systems are configured properly. With
intruders and their underground network having quick access to security
vulnerabilities, it is important that administrators have security
information available and not rely on just One organization.
* Cray Research
* Data General Corporation
* Dec
* HP
* IBM
* Motorola
* Next
* Novell
* SCO
* SGI
* Sun
* CIAC Contact
* FIRST Contact
how to reproduce it, which OS release (uname -a), and any other release
numbers of software that are involved.
o Erik E. Fair: f...@apple.com and CC: st...@apple.com
on-site support personnel (if provided by their service contract). Other
contacts should be made through:
Cray Research, Inc.
655F Lone Oak Drive
Eagan MN 55121
USA
email. supp...@cray.com
62 Tw Alexander Drive
RTP, NC 27709
Centers (and/or local office).
o FIRST Contact: Rich Boren rich.bo...@cxo.mts.dec.com, (719)
592-4689
o security-al...@hp.com
More information is available in their bulletin. The HP SupportLine mail
service is available to anyone who can send electronic mail via the
Internet.
supp...@support.mayfield.hp.com with the line "send guide" in the text
portion of the mail.
* Email to servi...@austin.ibm.com
(postmas...@ibm.com) Unix person on IBM's Computer Emergency Response Team)
and Alan Fedeli ( fed...@vnet.ibm.com).
pub/aix3 for AIX.
* ftp from ftp.novell.com
* floppy from the Novell support folks
Products contact your sales or support representative.
in progress or Motorola's presence on the Internet:
* +1-708-538-2153 (fax)
* mc...@mot.com
Products contact your sales or support representative.
in progress or MCG's presence on the Internet:
patches for MCG products on anonymous ftp from ftp.mcd.mot.com in
pub/patches. Patches are also available via your sales or support
representative.
* Phone number: 800.848.6398
Redwood City, CA 94063
ftp.sco.com and its mirrors.
of the following commands:
swconfig
hwconfig -h (if hardware-related)
If there is no response, try Dave Olson (ol...@sgi.com) or Miguel
Sanchez (mig...@sgi.com).
o Support line: 1-800-800-4SGI
o Contact your local SGI support provider
o ftp.sgi.com (192.48.153.1)
o When available, patches are placed in the directories
+ security
+ sgi/IRIX4.0
+ sgi/IRIX5.0
* phone: 415-688-9081
* Fax: 415-688-9101
* postal:
MS MPK2-04
2550 Garcia Avenue
Mountain View, CA 97703-1100
that you report problems to your local Answer Center and your representative
computer security response team, such as CERT. In some cases your local
Answer Center will accept a report of a security bug even if you do not have
a support contract. An additional notification to the security-alert alias
is suggested but should not be used as your primary vehicle for reporting a
bug.
Warning System. It is not necessary to have a Sun support contract in order
to receive them.
"security-al...@Sun.COM" with the subject "subscribe CWS your-mail-address"
and a message body containing affiliation and contact information. To
request that your name be removed from the mailing list, send mail to the
same address with the subject "unsubscribe CWS your-mail-address". Do not
include other requests or reports in a subscription message.
guarantee to acknowledge requests. Please contact the security office if you
wish to verify that your subscription request was received, or if you would
like your bulletin delivered via postal mail or fax.
the patches) and on SunSolve. Please try these sources first before
contacting the security office for old bulletins.
contact CERT at:
available for anonymous FTP from cert.org (192.88.209.5).
vulnerability reporting forms.
vulnerability, contact CIAC at
* fax: 510-423-8002
* stu-iii: 510-423-2604
* or mail c...@llnl.gov.
from ciac.llnl.gov (ip address 128.115.51.53).
mailing lists.
vulnerability, contact FIRST at
* fax: 310-948-0279
* web: http://first.org/first
* or mail fi...@first.org.
to be included in this FAQ:
* (Walter Misar) mi...@rbg.informatik.th-darmstadt.de
* Steve Cooper, spcoo...@llnl.gov
by Christopher Klaus of Internet Security Systems, Inc.
may distribute, transfer, or spread this paper electronically. You may not
pretend that you wrote it. This copyright notice must be maintained in any
copy made. If you wish to reprint the whole or any part of this paper in any
other medium excluding electronic medium, please ask the author for
permission.
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.
Christopher Klaus <ckl...@iss.net> of Internet Security Systems, Inc.
<i...@iss.net>
innovative audit, correction, and monitoring software. The Atlanta-based
company's flagship product, Internet Scanner, is the leading commercial
attack simulation and security audit tool. The Internet Scanner SAFEsuite is
based upon ISS' award-winning Internet Scanner and was specifically designed
with expanded capabilities to assess a variety of network security issues
confronting web sites, firewalls, servers and workstations. The Internet
Scanner SAFEsuite is the most comprehensive security assessment tool
available. For more information about ISS or its products, contact the
company at (770) 395-0150 or e-mail at i...@iss.net. ISS maintains a Home
Page on the World Wide Web at http://www.iss.net
--
Christopher William Klaus Voice: (770)395-0150. Fax: (770)395-1972
Internet Security Systems, Inc. "Internet Scanner SAFEsuite finds
Ste. 660,41 Perimeter Center East,Atlanta,GA 30346 your network security holes
Web: http://www.iss.net/ Email: ckl...@iss.net before the hackers do."