nanog mailing list archives
Re: Cisco Security Advisory
From: Robert Drake <rdrake () direcpath com>
Date: Fri, 28 Mar 2014 20:20:24 -0400
On 3/28/2014 4:11 PM, Scott Weeks wrote:
I hate that it's spam for some and relevant for others, but in the NSP world you can almost be certain that someone is going to have at least some Cisco equipment (even companies who are known to dislike Cisco enough to avoid them religiously have bought other companies who might have Cisco gear)If a person is on multiple of *NOG mailing lists a lot of these're received. For example, I got well over 30 of them this round. It'd be nice to get something brief like this: ---------------------------------------------- The Semiannual Cisco IOS Software Security Advisory has been released. For information please goto this URL: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html Advisory titles: - Session Initiation Protocol Denial of Service Vulnerability - Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability - Internet Key Exchange Version 2 Denial of Service Vulnerability - Network Address Translation Vulnerabilities - SSL VPN Denial of Service Vulnerability - Crafted IPv6 Packet Denial of Service Vulnerability ----------------------------------------------- Not everyone uses cisco and not everyone needs to see every vulnerability detail email multiple times. Imagine if all vendors started doing what cisco is doing.
Having the vulnerability in the subject draws attention to the problems and makes people less likely to ignore it. When I see keywords of technologies I'm using, like IPv6 or 6500 I tend to read through carefully to see if I'm vulnerable. Because it can be difficult and time consuming to see if all your gear is vulnerable, If it's a bug in <obscure card I didn't buy one of> or <weird technology I haven't had a chance to run> then I'm not as diligent. I guess I might be selfish because seeing 5 advisories at once is like a giant line break in NANOG discussions, so it's harder to tune it out and skip the emails :)
They could Bcc: all the lists they are sending to in one set of emails so the message-id is the same, then you could filter duplicates at least. Or they could do the summary email like you guys want, whichever makes people happy. :)
:-( scott
:-( Robert
Current thread:
- Re: Cisco Security Advisory Scott Weeks (Mar 28)
- Re: Cisco Security Advisory Robert Drake (Mar 28)
- <Possible follow-ups>
- Re: Cisco Security Advisory Scott Weeks (Mar 28)
- Re: Cisco Security Advisory Mark Tinka (Mar 28)
- Re: Cisco Security Advisory Randy Bush (Mar 28)
- Message not available
- Re: Cisco Security Advisory Larry Sheldon (Mar 28)
- Re: Cisco Security Advisory Mark Tinka (Mar 28)