Re: [Networker] NMC security vulnerability and customer notification
2007-03-08 12:03:18
In regard to: Re: [Networker] NMC security vulnerability and customer...:
So when EMC called me back wanting to close out my open ticket on Update
1 - I asked them why the alert didn't include notification of
a "Explotable Security Vulnerability" in nmc? The answer I recieved was
that it wasn't announced yet because they are still working the
vulnerability announcement through CERT, and would be doing a follow on
announcement this week. This seemed like a reasonable response to me...
It will be interesting to see how long this announcement takes to come
out.
On the surface it sounds reasonable. Once news of the vulnerability
becomes public, though, the primary concern should be getting word to
the customer that
- there's a security problem that we'll tell you more about later
- there's a patch that remedies the problem, here's where you get it.
The vulnerability has already had vague information published in it's CVE
entry and was mentioned on the SANS @Risk list, which is where I learned
about it. I too will be interested to see how much longer it's going to
be for the CERT announcement.
Hrvoje Crvelin pointed out to me off-list that if I could figure out how
to subscribe to alerts through Powerlink (which I so far have not been
able to do), I would have received something from EMC already, so EMC is
doing *something* to notify customers. That's good.
Thanks for sharing the information that EMC provided to you!
Tim
--
Tim Mooney Tim.Mooney AT ndsu DOT edu
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|