Comments (1)

1 ChristianSchroeder@IBMDE commented

Thanks seb_ for posting this article, as it exactly expresses my opinion on that matter.
In fact the majority of security vulnerabilities being published are more of a theoretical nature, assuming the systems are in a safe environment.

There are two rules which always apply in that kind of situation:
1. Whoever has got physical access to a system has got the power to do nearly any harm >> angry guy with hammer; access to the facilities has to be under tight control and logging
2. As you mentioned above by naming firewalls and the like: access to the management LAN has to be restricted as well, so neither a frustrated guy from department xyz nor even a script kiddie from outside can make use of this vulnerability.

I'm somewhat surprised, though, to see some news sites reporting about this issue focussing on IBM Storwize family products, e.g. this article on golem.de: https://ibm.biz/BdDQhn (in German). When looking at the CVE details in flash S1004481, a lot of other systems, e.g. from Huawei, Cisco et al. are affected as well.