LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1995, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1995, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Secretive security notification letter
From:	Chris Bartram <[log in to unmask]>
Reply To:	Chris Bartram <[log in to unmask]>
Date:	Fri, 24 Mar 1995 12:24:09 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (26 lines)

 In [log in to unmask]> Mark Bixby <[log in to unmask]> writes:

> That is all the detail given; sort of like hearing that your car has been
> recalled without knowing what the exact defect is.  ;-)

[snip]

> I think the designated person(s) on an HP support contract should be able to
> go through their local SE (who knows them personally, one would hope!) to
> obtain technical details about security issues like this.
>
> Comments?  Would anybody who does know about these bugs care to e-mail me the
> technical details strictly off the record and not for redistribution?

I'd also like to know the details. I *am* glad they didn't publish the
details in the letters or e-mail they sent out, but it would be nice to have
a means for those in a position to have to make the decisions about the
severity of the vulnerability in our environments, and whether the efforts
required to patch them are warranted, to get a little more details.

I would like to applaud HP's approach to this problem. After the flak they've
taken in the past over the installed base not being notified of potential
problems, it seems someone was listening. Well done.

                   -Chris Bartram

ATOM RSS1 RSS2

RAVEN.UTC.EDU