[Info-vax] DECnet Phase IV and VMS code comments
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Nov 29 08:25:01 EST 2016
On 2016-11-28, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> I don't think anyone here views 35+ year old DECnet as a strategic network
> product.
>
Once again Kerry, I don't care about the protocol itself; it's obsolete
and insecure. I only care about the fact that it's still available and
enabled on VMS systems running today.
Here's an example of why this matters (from over a decade ago):
https://technet.microsoft.com/en-us/library/security/ms02-027.aspx
The Gopher protocol was also obsolete by the time the above vulnerability
was discovered but it was still enabled in the products in question and
allowed the systems in question to be compromised.
>
> I am certainly not in any position to speak for either VSI or HPE, so I will have to assume that you documented the network issue for one of them and it is under investigation.
>
> For the benefits of others, the HPE security site is at:
> http://www8.hp.com/us/en/business-services/it-services/security-vulnerability.html
>
> Security Reporting:
> https://www.hpe.com/h41268/live/index_e.aspx?qid=11503
>
It's a pity that you couldn't list VSI's secure security reporting
webpage alongside the HP one above.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list