[182483] in North American Network Operators' Group
Re: SEC webpages inaccessible due to Firefox blocking servers with
daemon@ATHENA.MIT.EDU (Michael O Holstein)
Fri Jul 17 16:51:43 2015
X-Original-To: nanog@nanog.org
From: Michael O Holstein <michael.holstein@csuohio.edu>
To: Niels Bakker <niels=nanog@bakker.net>, "nanog@nanog.org" <nanog@nanog.org>
Date: Fri, 17 Jul 2015 20:48:24 +0000
In-Reply-To: <20150717203027.GB81337@excession.tpb.net>
Errors-To: nanog-bounces@nanog.org
>Why do you upgrade your management systems asynchronously to your
>applications? You bring this on yourself.
Perhaps, but SaaS "management systems" are out of our control. They TELL us=
when they upgrade, they do not ASK. A web browser isn't really an applicat=
ion, you can't wait to upgrade.
Related head-shaker .. the premier vendor of time management (who shall rem=
ain nameless) requires an outdated version of java that has a number of kno=
wn vulnerabilities. They have been doing this for several years now.
>Why do you access mission-critical systems that are provably insecure
>from systems that also have internet access?
Because they are "hosted" magical unicorn "cloud services" .. they ARE ON t=
he Internet.
>If it's not mission-critical, then you should explain why you haven't
>dumped that vendor yet for shipping insecure software - an insecurity
>that is very easy to mitigate by them, should they have chosen to.
Contracts, that's why. And it's not "shipping" anything .. these are "enter=
prise" cloud services that cost on the order of $50k-$100k per year.
My $0.02 .. any reference to a company fictional or not is purely coinciden=
tal, etc.
Michael Holstein
Cleveland State University=
