[Info-vax] Problem with Filezilla connecting to OpenVMS
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Dec 9 20:00:33 EST 2018
On 2018-12-09, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2018-12-09 14:37:44 +0000, Hans Blom said:
>
>> On Friday, December 7, 2018 at 12:25:11 PM UTC+1, DuncanMorris wrote:
>>>
>>> Filezilla 3.36 works with HP's V8.4 / TCPIP V5.7-ECO05, provided you
>>> also have the TCPIP-SSH-'arch'_V57-ECO5G patches installed.
>>
>> unfortunately it's not up to me to even recommend an upgrade to 8.4,
>> customer is stuck with it.
If the customer is "stuck" with it, then I hope they have taken
precautions to secure the VMS system against current and future
vulnerabilities.
>
> You can and should recommend it. Whether the decision is made to
> upgrade or not is the customer's decision. In some organizations, this
> sort of detail can end up being relevant to SEC filings, and you really
> don't want to be left holding that bag all by yourself.
>
I very strongly agree with this. The OP _really_ needs to raise the
issue with the customer and to do it formally. The customer can always
reject the recommendation, but the customer can't then say "why didn't
you warn us ?" if the customer gets compromised.
>
> As I've commented elsewhere, we're on a treadmill of updates here,
> which means staying current. Or accruing risk. That trade-off being
> one that management is paid to make.
>
Also agree. I would hope people realise their VMS systems are
just as vulnerable as non-VMS systems are. If the decision is
taken to freeze VMS systems at a specific version, that needs
to be a specific management decision and it needs to be
formally signed off by management after they have been made aware
of the risks involved.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list