Networker

Re: [Networker] NMC security vulnerability and customer notification

2007-03-08 12:03:18
Subject: Re: [Networker] NMC security vulnerability and customer notification
From: Tim Mooney <Tim.Mooney AT NDSU DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Thu, 8 Mar 2007 10:58:11 -0600
In regard to: Re: [Networker] NMC security vulnerability and customer...:

> So when EMC called me back wanting to close out my open ticket on Update
> 1 - I asked them why the alert didn't include notification of
> an "Exploitable Security Vulnerability" in nmc?  The answer I received was
> that it wasn't announced yet because they are still working the
> vulnerability announcement through CERT, and would be doing a follow-on
> announcement this week.  This seemed like a reasonable response to me...
> It will be interesting to see how long this announcement takes to come
> out.

On the surface it sounds reasonable.  Once news of the vulnerability
becomes public, though, the primary concern should be getting word to
the customer that

        - there's a security problem that we'll tell you more about later
        - there's a patch that remedies the problem, here's where you get it.

The vulnerability has already had vague information published in its CVE
entry and was mentioned on the SANS @Risk list, which is where I learned
about it.  I too will be interested to see how much longer it's going to
be for the CERT announcement.

Hrvoje Crvelin pointed out to me off-list that if I could figure out how
to subscribe to alerts through Powerlink (which I so far have not been
able to do), I would have received something from EMC already, so EMC is
doing *something* to notify customers.  That's good.

Thanks for sharing the information that EMC provided to you!

Tim
--
Tim Mooney                                           Tim.Mooney AT ndsu DOT edu
Information Technology Services                      (701) 231-1076 (Voice)
Room 242-J6, IACC Building                           (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
