Networker
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Networker] NMC security vulnerability and customer notification

2007-03-07 20:39:54
Subject: Re: [Networker] NMC security vulnerability and customer notification
From: Roberta Gold <gold11 AT LLNL DOT GOV>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 7 Mar 2007 17:34:34 -0800
So, does the JumboUpdate1 fix the NMC security problem in addition to the AFT problem? Can't find either mentioned in the release notes ... 



Does anyone else think it's weird that EMC knows how to send email to me
when there's a new release of some product like DiskXtender or Documentum,
neither of which we have, but they rarely let their customers know when
there's a serious problem with one of the products that we do have:


http://www.securityfocus.com/bid/22789

ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt



Now to EMC's credit, I *did* get email from them on March 1, telling me
about the data loss problem if using Advanced File Type devices with
NetWorker.  I was very happy to see it, and thought perhaps EMC was
going to start proactively notifying me about serious problems that are
discovered in a product we do have (NetWorker).  I was practically giddy
at the thought.  ;-)

There was no mention of a serious security issue with NMC, though, and
there's been no email from EMC since.

Note to EMC: Most IT professionals I've met have more respect for and
trust in a vendor that notifies them when there is a problem with the
vendor's product, rather than letting the customer find out through
some third party.

Anyway, between the possibility for data loss with AFTs and the pretty
serious security problem with NMC, it looks like this update is extremely
important for most customers running 7.3.x.

Tim
--
Tim Mooney                                           Tim.Mooney AT ndsu DOT edu
Information Technology Services                      (701) 231-1076 (Voice)
Room 242-J6, IACC Building                           (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
To sign off this list, send email to listserv AT listserv.temple DOT edu and type "signoff networker" in the body of the email. Please write to networker-request AT listserv.temple DOT edu if you have any problems with this list. You can access the archives at http://listserv.temple.edu/archives/networker.html or 
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER



--
Roberta Gold
Lawrence Livermore National Laboratory
ICC/HPSD - Security Technologies Group
gold11 AT llnl DOT gov
(925) 422-0167

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Networker] Using tape libraries not listed in Legato's compatibility guide?, Randy Doering
Next by Date:  Re: [Networker] Can no longer use Networker, Itzik Meirson
Previous by Thread:  Re: [Networker] NMC security vulnerability and customer notification, Lars Hecking
Next by Thread:  Re: [Networker] NMC security vulnerability and customer notification, Sune Stjerneby
Indexes:  [Date] [Thread] [Top] [All Lists]