Comentarios (1)

1 ChristianSchroeder@IBMDE ha hecho un comentario el Enlace permanente

Thanks seb_ for posting this article, as it exactly expresses my opinion on that matter. <br /> In fact the majority of security vulnerabilities being published are more of a theoritacl nature, assuming the systems are in a safe environment. <div>&nbsp;</div> There are two rules which always apply in that kind of situation: <br /> 1. Who has got physical access to a system, got the power to do nearly any harm &gt;&gt; angry guy with hammer; access to the facilities has to be under tight control and logging <br /> 2. as you mentioned above by naming firewalls and the like: access to the management LAN has to be restricted as well, so neither a frustrated guy from department xyz nor even a script kiddies from outside can make use of this vulnerability. <div>&nbsp;</div> I'm somewhat surprised, though, to see some news sites reporting about this issue focussing on IBM Storwize family products, e.g. this article on (in German). When looking at the CVE details in flash S1004481, a lot of other systems, e.g. from Huawei, Cisco et. al. are affected as well.