Re: IBM says AMD dead in 5yrs ... -- Microsoft Monopoly vs. IBM monopoly

From: David Webb (david20@alpha2.mdx.ac.uk)
Date: 04/22/03


From: david20@alpha2.mdx.ac.uk (David Webb)
Date: Tue, 22 Apr 2003 13:15:29 +0000 (UTC)

In article <b83agv$cbm$4@bob.news.rcn.net>, jmfbahciv@aol.com writes:
>In article <b810ju$ptq$1@aquila.mdx.ac.uk>,
> david20@alpha2.mdx.ac.uk (David Webb) wrote:
>>In article <b80in2$rgo$6@bob.news.rcn.net>, jmfbahciv@aol.com writes:
>>>In article <3EA365D0.3090804@tsoft-inc.com>,
>>> David Froble <davef@tsoft-inc.com> wrote:
>>>>J. Clarke wrote:
>>>>
>>>>> In article <00A1BAF7.D4960A23@SSRL.SLAC.STANFORD.EDU>,
>>>>> winston@SSRL.SLAC.STANFORD.EDU says...
>>>>
>>>>>>>There are problems with Windows, but blame it for what it does, not for
>>>>>>>what applications running under it do.
>>>>>>>
>>>>>>I blame Microsoft in general, but Windows both has vulnerabilities of its
>>>>>>own and enables vulnerabilities in application software.
>>>>>>
>>>>>
>>>>> Every OS has vulnerabilities. If you think they don't you are deluding
>>>>> yourself.
>>>>
>>>>
>>>>As for that, please direct me to any vulnerabilities in VMS. People keep
>>>>claiming that every OS has problems, but when asked, never seem able to
>>>>point to any for VMS.
>>>
>>>Well, it helped to have the OS run on college computers who had
>>>maintenance service contracts. Those college critters were
>>>real good at finding all the little cracks in the security wall.
>>>
>>>Unfortunately, that aspect of the computing doesn't happen since
>>>everybody has their own system and don't have the challenge
>>>of defying an Establishment system.
>>>
>>
>>Even in Universities where teaching of computing is decentralised so each
>>school has their own systems there will still be centralised systems for
>>Administration.
>>For that matter the individual department/systems whether VMS, Unix or Windows
>>fileservers, compute servers, mail servers etc will still be a target.
>>
>>The administrative systems particularly those containing student records will
>>be a particular target.
>>
>>Having a system on software/hardware maintenance doesn't help very much when it
>>comes to security. Security issues are generally handled outside of such
>>support contracts. Once a vulnerability becomes known it is in the vendor's best
>>interest to provide a fix for all vulnerable systems irrespective of their
>>support contract status. It's possible that if you have a support contract you
>>may get a heads up from the vendor before you hear about it from other sources.
>>However knowing about the vulnerability and fix is only half of the solution.
>>The other half is being able to apply the patches. Unfortunately with some OSs
>>the frequency of security problems means that it is politically impossible
>>to apply the patches in a timely fashion - you would be taking the system down
>>every few days.
>
>SIGH! How did the vendor _find out_ about problems? Within DEC,
>the mechanism was through the support organization.
>
>You should find out how those SPRs were handled in the olden days.
>

Although people with support contracts would report problems through the SPR
mechanism I am pretty sure that DEC would treat any report of a security
problem as a serious issue however it was reported. The fact that the person
who reports a problem doesn't have a support contract should be irrelevant if
it is a security problem.

Nowadays I would hope that a report of a security vulnerability from a hobbyist
would be treated just as seriously by HP as a report of a vulnerability from
a customer with a maintenance contract.

David Webb
VMS and Unix team leader
CCSS
Middlesex University

>/BAH
>
>Subtract a hundred and four for e-mail.


