[Info-vax] HP now giving away free malware with their switches...
David Froble
davef at tsoft-inc.com
Thu Apr 12 13:45:19 EDT 2012
Paul Sture wrote:
> On Thu, 12 Apr 2012 07:43:54 -0700, Rich Jordan wrote:
>
>> On Apr 12, 9:12 am, IanMiller <g... at uk2.net> wrote:
>>> Schadenfreude is generally popular here.
>> Ian
>> with respect, for some of us its more resignation and
>> disappointment... and a bit of 'so what did you expect?'.
>>
>> If more secure systems were used in the development and
>> production/distribution environment, things like this might not happen
>> or would be far less likely.
>
> It is indeed a pity. I've heard good reports from folks using the
> ProCurve range of gear.
>
>
I think it's a question of acceptance. Many just accept that there will be malware, and
don't care to do anything about it.
It's like the credit card companies. Security conscious people tried for the longest time
to get them to be more security conscious. They were mainly ignored. Then the credit
card companies lost millions, perhaps billions, and now we got PCI compliance. A
technical solution? I don't think so. More like a management solution, and it's not
going to work. They're still going to get busted.
We had a solution already implemented, using a combination of things, including a private
encryption. But no, we were told that we MUST use SSL, and the OpenSSL port to VMS is
much worse than trash. I've been able to get access violations, which is most likely
buffer over-runs, and just about certain it's down in the ported code.
More information about the Info-vax
mailing list