What about companies that allow HMC access from home? I used to work for one.
- -teD - Original Message From: R.S. Sent: Wednesday, October 1, 2014 10:27 To: [email protected] Reply To: IBM Mainframe Discussion List Subject: Re: More on the Bash Security Vulnerability: CVE-2014-6271 & CVE-2014-7169 Rex, My humble opinion is the isolated devices are not in danger even if the microcode has some vulnerabilities. HMC is good example of such device. You don't install anything on that, you don't connect it to the Internet just like PC, the connection to IBM support system is quite different thing. While it's good to fix any vulnerability if possible, I wouldn't worry about bash in HMC. BTW: many moons ago there was a PC on the top of ESCON Director. IBM 286 with PC-DOS. Should we worry about it's vulnerabilities? Everyone could install Doom on it (assuming 286 was enough). Actually I still have such Director working, but I'm not going to install any game on the PC. -- Radoslaw Skorupka Lodz, Poland W dniu 2014-10-01 o 16:06, Pommier, Rex pisze: > Radoslaw, > > About whether your microwave is safe or not. Is it connected to the internet? > If so, it may be safe but other devices may not be because of it. Does it > have enough compute power and memory for somebody to remotely inject code > into it? Could this code then be used to send bogus requests to somebody's > server to "help" with a DDOS attack? That's where one of the bigger > vulnerabilities in this mess is. > > I know you're being tongue-in-cheek with the microwave comment, but reading a > couple articles about the guy who was able to remotely install the game > "Doom" on a printer and get it working shows some of the ways this thing > could be exploited. > > Rex > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of R.S. > Sent: Wednesday, October 01, 2014 8:25 AM > To: [email protected] > Subject: Re: More on the Bash Security Vulnerability: CVE-2014-6271 & > CVE-2014-7169 > > W dniu 2014-10-01 o 14:51, Dana Mitchell pisze: >> On Fri, 26 Sep 2014 18:42:15 +0800, Timothy Sipples <[email protected]> >> wrote: >>> As for z/OS, most z/OS customers are likely to be unaffected. >>> >> IBM acknowledged that DS8000 HMCs currently utilize BASH and are thus >> vunerable. >> > What does it mean? Do you download & install any software on that? > My microwave owen has Linux onboard, unpatched, with bunch of > vulnerabilites. But the only thing I insert there is food. Is it safe? > :-) > --- Treść tej wiadomości może zawierać informacje prawnie chronione Banku przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku. This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorized to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: [email protected] Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 0000025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2014 r. kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.696.052 złote. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
