[ntp:security] Need for a computer security contact (FIRST REQUEST) - ntp VEND#152504

CERT(R) Coordination Center cert at cert.org
Thu Sep 12 17:32:48 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello folks:

We are aware of a problem with NTP servers.  We are interested 
in establishing a formal contact with you to facilitate the coordination 
of vulnerability remediation.  Given the sensitive nature of the information 
typically exchanged during the vulnerability remediation process, we are 
interested in exchanging PGP keys with you to ensure secure communication.

Information about CERT 45 day Vulnerability Disclosure Policy can be found at:
http://www.cert.org/kb/vul_disclosure.html

Information about CERT Vulnerability Remediation can be found at:
http://www.cert.org/vuls/remediation.html

Please follow the steps listed below to begin the key exchange process:

1. You generate a PGP key pair if you do not already have one.

2. You then send the public key to <cert at cert.org> via email signed
   with that key. Please include "VEND#152504" in the subject line
   of your email message.

3. We will then contact you out-of-band via a trusted telephone number
   to verify your key fingerprint.  This will involve your reading the
   key fingerprint back to us in hexadecimal format.

4. We will then use your public key to send mail to you encrypted with
   your key.  This mail will also contain information on obtaining the
   CERT/CC's public key.

5. You then decrypt the mail, and follow the brief instruction within
   that mail.


If you have any questions or concerns pertaining to this request,
please do not hesitate to contact me via the CERT Hotline:
412.268.7090.

Thank you in advance for your cooperation.

Regards,
Matt
CERT/CC

CERT Coordination Center       | Internet E-mail: cert at cert.org
Software Engineering Institute | Telephone: +1-412-268-7090  24-hour hotline
Carnegie Mellon University     | - phone answered by CERT personnel
Pittsburgh PA  15213-3890      |   during business days (Monday - Friday)
                               |   from 08:00-:1700 EST/EDT (GMT-5/GMT-4);
http://www.cert.org/           |   on call for emergencies during other hours

* CERT is a registered service mark of Carnegie Mellon University.
  Registered in U.S. Patent and Trademark Office.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUjH7Au5xi1xMnAiGAQKi/Af9HYRzXMPiZtdEf8g+TuCnxfapRQ3nLMUm
yLZOgiFPgPLFMkdOhVSAUq7lPcOAo6pM+X/k7WsKQqXCbnBXRJVf9D7F7njuWIOb
l4hNmYXfbtzyY7ZFB9qA4MnVzZlpiHsPATxdB/9/IKpBmZsSM8eqUzJmzW7ZrPbA
2utmnp7iaSNxHbWOI3fS9UL6NG4E2Igm4w5c6NijTJ9m61g30YEK501PKqPBy88K
6j4Z4X8wt8nEcLog+pIBrZy2lvU3M9qDtK1gUJD+LnhjnTJvf4sSWomPhoQodoMS
GgjpKOGLTnozZJXyFkxeC7S+CxqVDCmYsSoioOWkA34uQCxnyuVa9g==
=eM8X
-----END PGP SIGNATURE-----


More information about the security mailing list