Dennis,

You must have fallen off the list; I received the HYPER NOTIFICATION on 
10/19/2005 and called them shortly after that to discuss the rather 
unusual problem description/solution.  I'll forward the HYPER 
NOTIFICATION to you in a moment.

You might want to check on Customer Connect to ensure that you are 
subscribed properly.  If not, we customers have yet another problem.

Mike Walter
Hewitt Associates
The opinions expressed herein are mine alone, not my employer's.



"O'Brien, Dennis L" <Dennis.L.O'[EMAIL PROTECTED]>
Sent by: "VM/ESA and z/VM Discussions" <[email protected]>
10/28/2005 02:27 PM
Please respond to: "VM/ESA and z/VM Discussions" <[email protected]>
To: [email protected]
Subject: Re: How to handle security hole?

CA used to have mailing lists for Hiper fix notifications.  I haven't
received such a notice in so long that I don't know if there haven't
been any Hipers, I fell off the list, or the list was discontinued.  I'd
expect to be notified immediately if a product that we use had that kind
of security exposure.  I understand if CA doesn't want to discuss the
details, but I need to know that there's a problem.

                                                       Dennis O'Brien
                                                       Bank of America

"You can have peace, or you can have freedom.  Don't ever count on
having both at the same time."  -- Robert A. Heinlein

 
-----Original Message-----
From: VM/ESA and z/VM Discussions [mailto:[EMAIL PROTECTED] On
Behalf Of Romanowski, John (OFT)
Sent: Friday, October 28, 2005 11:12
To: [email protected]
Subject: How to handle security hole?

I alerted Computer Associates (CA) to a security hole in one of their
VM products that lets any VM userid control a VM system that runs this
product.  CA wrote a fix.
 
If your VM system's running this product without the fix then it has
this security hole active now.  The security hole is installed by
default and there's no product installation step or configuration
parameter that closes the hole. 

CA and I have agreed to disagree on how well they alert their customers
to the existence of security-related fixes for VM products.

My question to all is would you rather CA labeled VM product fixes as
security-related or not?  Is security thru obscurity better?