MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

RE: OpenSSL Vulnerability Notice



fixed

HMC 7042 CR6 now compliant, just finished installing 7770 SP 3, MH01409, MH01422
HMC internet download failed, twice.
/software/server/hmc/updates isos could be seen, but failed on download.
Has anyone else used the internet download upload successfully.
What is needed for it work?
Downloaded iso to PC, then to USB flash drive.
HMC update(s) went fine.
Only issue here is that the USB drive and to be removed and re-inserted each time.
HMC would not see the USB flash drive following a reboot, which was necessary after each HMC update.

Paul

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of John Jones
Sent: Tuesday, April 22, 2014 4:52 PM
To: Midrange Systems Technical Discussion
Subject: Re: OpenSSL Vulnerability Notice

My point was that for those who want to know if a compensating control (network design) is sufficient protection, the answer is that in this case it usually won't be as the vulnerability can still be exploited as long as the web service is available outside the protected network.



On Tue, Apr 22, 2014 at 1:13 PM, <rob@xxxxxxxxx> wrote:

Keeping in mind that many people think that the only nefarious attacks
you'll ever get are from outside of your company I can maybe see if
that's where Mr. Draper is coming from. Supposing that mythological
beast is true, there is always the risk that someone's PC could get
infected and start scanning your network, take advantage of that
weakness and report the results to the outside.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.




--
John Jones, CISSP
History has taught us that we don't learn from the past.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact