Mark Klein wrote:
>
> >I had assumed that all the internet paths into jazz had been secured. Well
> >I've got news for them, I found one that isn't. It's
> >http://jazz.external.hp.com/src/gnu/download3_0_1.html, the one you need to
> >use to download gcc 3.0.1.
>
> Hmmm ... I just surfed from http://jazz.external.hp.com all the way down to
> and including the GNU download page without problems. Note the http: and
> not https: - I got no indications that it was still secured. I believe it
> was only a temporary measure to combat the Code Red/Nimda variations. As
> far as I can tell, it is no longer secure.
Yes, by default you should be using http://jazz. However, ever since the HP
WebWise MPE/iX Secure Web Server was installed onto jazz a year and a half ago
you have also been able to use https://jazz if you want to.
There is no content on jazz that requires secure https access. WebWise is
really just there so the code can be exercised in a real-life web server
environment, and by doing this we have indeed uncovered underlying OS bugs that
have resulted in patches.
So the choice is up to you whether you want to use http://jazz or
https://jazz. But you really only HAVE to use https://jazz if the HP corporate
security police are doing company-wide http port 80 blocking to defend against
Yet Another Microsoft IIS Worm.
--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
