Elaborating on the details would be akin to posting a prominent sign on your front door: "Attention--lock broken. Locksmith coming Tuesday"
. . JO.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com From: "Joel C. Ewing" <jcew...@acm.org> To: IBM-MAIN@LISTSERV.UA.EDU, Date: 01/03/2013 04:16 PM Subject: Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239) Sent by: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On 01/03/2013 05:47 PM, Arthur T. wrote: > On 3 Jan 2013 13:29:55 -0800, in bit.listserv.ibm-main > (Message-ID:<of7b5d33fe.a7936193-on86257ae8.0075bd35-86257ae8.00761...@fruit.com>) > craig.p...@fotlinc.com wrote: > >> These are IBM Security Alerts and do not come through as HYPER or RED >> ALERT, they only come in as Security Alerts. IBM sends them >> "discreetly" in this manner to try and prevent anyone from saying >> "Oh, there is a whole..........let me use it". If not registered, >> you will never know unless you get a call from your IBM Rep or >> Business Partner. > > Well then, it's a good thing that the IBM reps carefully explained all > of this to all of their customers. Otherwise, a link to the problem > might be posted to a publicly-available newsgroup. > > </snark> > > Which also demonstrates why IBM was/is probably wise to never announce enough details to clue someone how to exploit a security hole, lest it get carelessly posted in a public forum before all systems are patched. -- Joel C. Ewing, Bentonville, AR jcew...@acm.org ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN