LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1995, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1995, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security reply
From:	Isaac Blake <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 27 Mar 1995 08:20:01 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

Item Subject: Message text
> Well, it seems that Isaac has officially declared a flame war and I expect
> to pour all the gas I can on this one.
 
Joe, I didn't declare a flame war, I stated I expected to be flamed over my
reply (big difference)!!!
 
> Isaac have you every heard of a non-disclosure agreement??   I'm sure you
> signed one to get the password to the MPE diagnostics.. didn't you?
 
I have so many NDAs the simplest way for me to handle them was a blanket NDA and
beta test agreedment.  Yes, I signed the one for the diagnostics, in fact I was
one of the first.
 
> And I'm also sure you wouldn't open up your mouth and blab this, would you?
> I thought not.
 
Sure I haven't opened my mouth, but I personally know of others who have and
even given third-parties access to the diagnostics in direct violation of the
NDA.  Remember I'm also a Reserve Police Sergeant and I've seen this too many
times, especially when the press gets "interested" in the topic.
 
> This must imply that you believe one of us HP3000-L members would make this
> information public.
 
First off the information should not be sent out via the HP3000-L, especially
considering *ANYONE* can subscribe to this newsgroup.  Secondly where most of
the disclosures come from is the "good ol' boys" approach.  In other words, you
tell someone else who you feel you can trust, and then they give it to someone
else and...  As well, I'm sure Ron Seybold can attest the number of times he
gets NDA information from an "informed source".
 
> I think you have just insulted every member of this discussion group!
> Shame, Shame, Shame, Shame, Shame, Shame, Shame, Shame .... on YOU.
 
No I didn't, if you review my original message I stated with all due respect to
the members of this group a different opinion.  If we can not openly discuss
differing points of view without geting down to name calling and taking it
personally, then it's a loss for all of us!!!
 
> HP has open the floodgates with the disclosure of security problems.  They
> owe it to every single System Manager to reveal the details.  How they do
> that is up to them, as long as they do it quickly.
 
Joe I'm sure you realize there is different levels of problems and NDA style of
information.  Even with the level of NDAs I have, I know HP is not telling me
everything, even when it effects me and my site.  I ask for you to consider this
one issue, what would be your response to a site who had their security breeched
due to the fact that this information somehow got public???  Also look at
internally within HP, they are not even providing the information to other areas
of the lab.
 
Regarding HP opening the floodgates, yes I can see the headlines and sound bites
now...  Well at least I think I've found my yet TBD "hot topic" for the
SIGSYSMAN meeting next week.
 
Respectfully submitted,
/isaac

ATOM RSS1 RSS2

RAVEN.UTC.EDU