[Info-vax] DECnet Phase IV and VMS code comments
clairgrant71 at gmail.com
clairgrant71 at gmail.com
Tue Nov 29 10:08:22 EST 2016
On Tuesday, November 29, 2016 at 8:26:20 AM UTC-5, Simon Clubley wrote:
> On 2016-11-28, Kerry Main <kemain.nospam at gmail.com> wrote:
> >
> > I don't think anyone here views 35+ year old DECnet as a strategic network
> > product.
> >
>
> Once again Kerry, I don't care about the protocol itself; it's obsolete
> and insecure. I only care about the fact that it's still available and
> enabled on VMS systems running today.
>
> Here's an example of why this matters (from over a decade ago):
>
> https://technet.microsoft.com/en-us/library/security/ms02-027.aspx
>
> The Gopher protocol was also obsolete by the time the above vulnerability
> was discovered but it was still enabled in the products in question and
> allowed the systems in question to be compromised.
>
> >
> > I am certainly not in any position to speak for either VSI or HPE, so I will have to assume that you documented the network issue for one of them and it is under investigation.
> >
> > For the benefits of others, the HPE security site is at:
> > http://www8.hp.com/us/en/business-services/it-services/security-vulnerability.html
> >
> > Security Reporting:
> > https://www.hpe.com/h41268/live/index_e.aspx?qid=11503
> >
>
> It's a pity that you couldn't list VSI's secure security reporting
> webpage alongside the HP one above.
Agree. It is still in the to-do queue. We have a ton of things to do but this one has a high priority. I'm hoping we will have something on the website by the end of the month.
More information about the Info-vax
mailing list