Educause Security Discussion mailing list archives
Re: Vulnerability? Or...not so much?
From: David Shettler <dshettle () HOLYCROSS EDU>
Date: Sat, 3 Apr 2010 23:06:00 -0400
On Sat, Apr 3, 2010 at 10:59 PM, Jason Testart <jatestart () uwaterloo ca> wrote:
> Do you have some way of mitigating the risk?

Unfortunately, the only way to mitigate the risk is to firewall, which inconveniences users, and may require a larger deployment of our VPN than we had spec'd on the VPN. The application is built around the flaw and depends on it, and there's no way to discern between authorized and unauthorized attempts to view the files.

> I agree with you, the vendor has no business accepting the risk. If the vendor refuses to acknowledge this as a security issue, then the vendor shouldn't have a problem if you shared the issue with other institutions. Right?

Well put, sir.