On 14Oct01:1705+0200, R.S. wrote:
> Important: we are not talking about any possible
> vulnerability, we are talking about THIS vulnerability.

I did not understand your comment to be so limited. Frankly I would be stupefied to learn bash is installed in any HMC and that would alarm me exceedingly. My point is you cannot know if the HMC and SE platforms are so vulnerable.

> While it would be nice to have no errors and
> vulnerabilities, we are living in a world where
> software errors do happen and it's good to know how
> dangerous it can be for given scenario. IMHO in
> this case there is no need to worry.

Are you not trusting IBM to ensure you need not be concerned about HMC integrity, or have you been able to audit the platform, including its hardware firmware, and its support infrastructure?

> What would be a scenario of attack? Note: "I don't
> know" is not an option. The same answer applies to
> all remaining bugs we don't know YET, but in this
> case connection to the host's SE cannot be used as
> attack method.

First it is necessary to determine the resources that can be brought to bear on the attack, which depends upon the value of a successful outcome. In this case, it is reasonable to expect a highly capitalized effort could be mounted--we are not talking about script kiddies here. An NSA-level effort involving infiltration of the HMC and SE support infrastructures might be a genuine possibility considering the value of the assets in those CECs.

I would expect the goal to be (1) surreptitiously injecting a covert channel from the SE or (2) enabling a coordinated DoS attack halting the processing of targeted CECs. I can hope establishing a means of modifying customer data undetected would not be feasible for any organization, but I cannot develop an informed opinion, nor can you. Security through obscurity has its limitations.

--
<not cent from sell>
May the LORD God bless you exceedingly abundantly!

Dave_Craig______________________________________________
"So the universe is not quite as you thought it was.
You'd better rearrange your beliefs, then.
Because you certainly can't rearrange the universe."
__--from_Nightfall_by_Asimov/Silverberg_________________
