H D Moore
21/06/05, 21:05
I am trying to reach the security contact at Lyris (www.lyris.com). I
sent an email to every address listed on the web site and keep getting
blown off by the operator when I call[1]. The OSVDB Vendor Dictionary has
no contact information listed for Lyris. There are a number of serious,
remotely-exploitable issues in the ListManager product...
-HD
1. On the first call, I asked for product development or someone in the
security department. The operator asked me why I was calling, I explained
that I was trying to report a security vulnerability. Shes asks if I want
sales, I try to explain again why I am calling. I was transferred in
mid-sentence to a voicemail box with no name. I called back again, this
time using their voice menu to transfer to sales. The same operator picks
up the call and I try to explain the situation again. I ask for sales,
she won't forward me because I "don't want to purchase the product". I
ask for customer support, she won't forward me because I am not a current
customer. I explain again that I am trying to do them a favor and that I
really need to contact someone in the product development or security
departments. The call ends.
sent an email to every address listed on the web site and keep getting
blown off by the operator when I call[1]. The OSVDB Vendor Dictionary has
no contact information listed for Lyris. There are a number of serious,
remotely-exploitable issues in the ListManager product...
-HD
1. On the first call, I asked for product development or someone in the
security department. The operator asked me why I was calling, I explained
that I was trying to report a security vulnerability. Shes asks if I want
sales, I try to explain again why I am calling. I was transferred in
mid-sentence to a voicemail box with no name. I called back again, this
time using their voice menu to transfer to sales. The same operator picks
up the call and I try to explain the situation again. I ask for sales,
she won't forward me because I "don't want to purchase the product". I
ask for customer support, she won't forward me because I am not a current
customer. I explain again that I am trying to do them a favor and that I
really need to contact someone in the product development or security
departments. The call ends.