Discussion:
FLASH: Security Bulletin: Vulnerability in SSLv3 affects TS3310 (CVE-2014-3566) (2014.10.22)
(too old to reply)
r***@public.gmane.org
2014-10-22 18:19:18 UTC
Permalink
Raw Message
----- Forwarded by Rob Berendt/DEKKO on 10/22/2014 02:18 PM -----

From: IBM My Notifications <mynotify-6DQmpne6mM6PQxpovLcoS1aTQe2KTcn/@public.gmane.org>
To: rob-***@public.gmane.org
Date: 10/22/2014 01:49 PM
Subject: FLASH: Security Bulletin: Vulnerability in SSLv3 affects
TS3310 (CVE-2014-3566) (2014.10.22)




My notifications for Storage - 22 Oct 2014

Dear Subscriber (robberendt),

Here are your bulletin email notifications for your subscriptions at IBM
My notifications.

Visit the recently updated IBM Electronic Support site to get connected
with our powerful online tools, tips, and resources.
- http://ibm.co/MyNeSupport

Your support notifications display in English by default. Machine
translation based on your IBM profile
language setting is added if you specify this option in My defaults within
My notifications.
(Note: Not all languages are available at this time, and the English
version always takes precedence
over the machine translated version.)

------------------------------------------------------------------------------
1. TS3310 Tape Library (3576)

- TITLE: Security Bulletin: Vulnerability in SSLv3 affects TS3310
(CVE-2014-3566)
- URL:
http://www.ibm.com/support/docview.wss?uid=ssg1S1004960&myns=s034&mynp=OCSTCXRHW&mync=E

- ABSTRACT: SSLv3 contains a vulnerability that has been referred to as
the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3
is enabled in TS3310.

------------------------------------------------------------------------------
Manage your My notifications subscriptions, or send questions and
comments.
- Subscribe or Unsubscribe - https://www.ibm.com/support/mynotifications
- Feedback - https://www-912.ibm.com/x_dir/xfeedback.nsf/feedback?OpenForm

To ensure proper delivery please add mynotify-6DQmpne6mM6PQxpovLcoS1aTQe2KTcn/@public.gmane.org to your
address book.
You received this email because you are subscribed to IBM My notifications
as:
robberendt

Please do not reply to this message as it is generated by an automated
service machine.

(C) International Business Machines Corporation 2014. All rights reserved.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Roberto José Etcheverry Romero
2014-10-22 20:13:03 UTC
Permalink
Raw Message
Poodle, Heartbleed, shellshock, if any C level suit needed a reason to
listen when they ask for a separate management LAN, this is a pretty good
list of arguments...
Thanks Rob for the update. I note that the update doesnt mention a fix yet,
only that the TS3310 has sslv3 enabled and is thus vulnerable to MiTM
attacks.
Post by r***@public.gmane.org
----- Forwarded by Rob Berendt/DEKKO on 10/22/2014 02:18 PM -----
Date: 10/22/2014 01:49 PM
Subject: FLASH: Security Bulletin: Vulnerability in SSLv3 affects
TS3310 (CVE-2014-3566) (2014.10.22)
My notifications for Storage - 22 Oct 2014
Dear Subscriber (robberendt),
Here are your bulletin email notifications for your subscriptions at IBM
My notifications.
Visit the recently updated IBM Electronic Support site to get connected
with our powerful online tools, tips, and resources.
- http://ibm.co/MyNeSupport
Your support notifications display in English by default. Machine
translation based on your IBM profile
language setting is added if you specify this option in My defaults within
My notifications.
(Note: Not all languages are available at this time, and the English
version always takes precedence
over the machine translated version.)
------------------------------------------------------------------------------
1. TS3310 Tape Library (3576)
- TITLE: Security Bulletin: Vulnerability in SSLv3 affects TS3310
(CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=ssg1S1004960&myns=s034&mynp=OCSTCXRHW&mync=E
- ABSTRACT: SSLv3 contains a vulnerability that has been referred to as
the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3
is enabled in TS3310.
------------------------------------------------------------------------------
Manage your My notifications subscriptions, or send questions and
comments.
- Subscribe or Unsubscribe - https://www.ibm.com/support/mynotifications
- Feedback - https://www-912.ibm.com/x_dir/xfeedback.nsf/feedback?OpenForm
address book.
You received this email because you are subscribed to IBM My notifications
robberendt
Please do not reply to this message as it is generated by an automated
service machine.
(C) International Business Machines Corporation 2014. All rights reserved.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
r***@public.gmane.org
2014-10-23 13:42:54 UTC
Permalink
Raw Message
I still don't get the hubbub over a separate management lan. Why is it
important for my tape drive, fsp, etc to be more secure than payroll, erp,
engineering, patient data, actions of undercover agents, missile defense,
etc?


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Roberto José Etcheverry Romero <yggdrasil.raiker-***@public.gmane.org>
To: Midrange Systems Technical Discussion <midrange-l-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org>
Date: 10/22/2014 04:13 PM
Subject: Re: Fw: FLASH: Security Bulletin: Vulnerability in SSLv3
affects TS3310 (CVE-2014-3566) (2014.10.22)
Sent by: "MIDRANGE-L" <midrange-l-bounces-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org>



Poodle, Heartbleed, shellshock, if any C level suit needed a reason to
listen when they ask for a separate management LAN, this is a pretty good
list of arguments...
Thanks Rob for the update. I note that the update doesnt mention a fix
yet,
only that the TS3310 has sslv3 enabled and is thus vulnerable to MiTM
attacks.
Post by r***@public.gmane.org
----- Forwarded by Rob Berendt/DEKKO on 10/22/2014 02:18 PM -----
Date: 10/22/2014 01:49 PM
Subject: FLASH: Security Bulletin: Vulnerability in SSLv3 affects
TS3310 (CVE-2014-3566) (2014.10.22)
My notifications for Storage - 22 Oct 2014
Dear Subscriber (robberendt),
Here are your bulletin email notifications for your subscriptions at IBM
My notifications.
Visit the recently updated IBM Electronic Support site to get connected
with our powerful online tools, tips, and resources.
- http://ibm.co/MyNeSupport
Your support notifications display in English by default. Machine
translation based on your IBM profile
language setting is added if you specify this option in My defaults within
My notifications.
(Note: Not all languages are available at this time, and the English
version always takes precedence
over the machine translated version.)
------------------------------------------------------------------------------
Post by r***@public.gmane.org
1. TS3310 Tape Library (3576)
- TITLE: Security Bulletin: Vulnerability in SSLv3 affects TS3310
(CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=ssg1S1004960&myns=s034&mynp=OCSTCXRHW&mync=E
Post by r***@public.gmane.org
- ABSTRACT: SSLv3 contains a vulnerability that has been referred to as
the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.
SSLv3
Post by r***@public.gmane.org
is enabled in TS3310.
------------------------------------------------------------------------------
Post by r***@public.gmane.org
Manage your My notifications subscriptions, or send questions and
comments.
- Subscribe or Unsubscribe - https://www.ibm.com/support/mynotifications
- Feedback -
https://www-912.ibm.com/x_dir/xfeedback.nsf/feedback?OpenForm
your
Post by r***@public.gmane.org
address book.
You received this email because you are subscribed to IBM My
notifications
Post by r***@public.gmane.org
robberendt
Please do not reply to this message as it is generated by an automated
service machine.
(C) International Business Machines Corporation 2014. All rights reserved.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Loading...