Re: [Networker] NMC security vulnerability and customer notification

Actually, on reading the alert  I thought we had the right product
already - the one from early december. but on reading the text file you
sent I see there's 'another' 7.3.2 Jumbo 1.   this is driving me nuts...
I'm going to start monitoring datestaps on their ftp site or something -
seems to be the only way to detect when a version comes out...


Just for the record - if you have nw_7_3_2_jumbo.Build.11   it's not the
same as 732JumboUpdate1 Build 386

-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On
Behalf Of Tim Mooney
Sent: Tuesday, 6 March 2007 12:01 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: [Networker] NMC security vulnerability and customer
notification

Does anyone else think it's weird that EMC knows how to send email to me
when there's a new release of some product like DiskXtender or
Documentum, neither of which we have, but they rarely let their
customers know when there's a serious problem with one of the products
that we do have:


http://www.securityfocus.com/bid/22789

ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%
20Jumbo%20Update%201.txt



Now to EMC's credit, I *did* get email from them on March 1, telling me
about the data loss problem if using Advanced File Type devices with
NetWorker.  I was very happy to see it, and thought perhaps EMC was
going to start proactively notifying me about serious problems that are
discovered in a product we do have (NetWorker).  I was practically giddy
at the thought.  ;-)

There was no mention of a serious security issue with NMC, though, and
there's been no email from EMC since.

Note to EMC: Most IT professionals I've met have more respect for and
trust in a vendor that notifies them when there is a problem with the
vendor's product, rather than letting the customer find out through some
third party.

Anyway, between the possibility for data loss with AFTs and the pretty
serious security problem with NMC, it looks like this update is
extremely important for most customers running 7.3.x.

Tim
-- 
Tim Mooney                                           Tim.Mooney AT ndsu DOT edu
Information Technology Services                      (701) 231-1076
(Voice)
Room 242-J6, IACC Building                           (701) 231-8541
(Fax)
North Dakota State University, Fargo, ND 58105-5164

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or via RSS at
http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

NOTICE
This e-mail and any attachments are confidential and may contain copyright 
material of Macquarie Bank or third parties. If you are not the intended 
recipient of this email you should not read, print, re-transmit, store or act 
in reliance on this e-mail or any attachments, and should destroy all copies of 
them. Macquarie Bank does not guarantee the integrity of any emails or any 
attached files. The views or opinions expressed are the author's own and may 
not reflect the views or opinions of Macquarie Bank.

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER