Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) In Defense Of Ascend...



On Wed, 18 Mar 1998, Matt Holdrege wrote:

> Judging from this statement alone, I'd have to say you have set new bounds
> on incompetency. Ascend is a global company (all the offices are on our web
> page) with an easy U.S. 800 number to find (800-ASCEND-4) and more than one
> public users list that I and other Ascend employees post to. We also post
> to USENET. If you had let us know about this we would have jumped all over
> it as we are doing now.

Every hardware/software vendor should have a Cert contact.  That fact that
you don't have one is sad, and definitely speaks a little on your
interest in security.  I agree with Mr. Knox that CERT is mostly a joke
these days with advisiories of exploits widely known in the underground
and security communities for 6 months or greater, but many people use
their vendor contacts to contact a security person.

> You could have searched alta-vista to find the users list, searched RFC's
> for names of technical Ascend people, called the local sales office for an
> SE. You could have done anything other than contacting our general tech
> support line. Our tech support people get thousands of calls and emails per
> day on a wide variety of issues. I expect the person screening emails
> didn't know what do make of your message. Since you didn't hear back, YOU
> should have made a better effort to contact one of us. It is simply not
> that hard. 

You've obviously never lived on the "outside" of Ascend then.  Unless I
raise hell on this list, I get little to no response from Ascend.  Kevin
usually does a good job of getting someone to call me to help with my
problems (and I don't think I've ever told him thank you, so Here it is
Kev.  Thank you.), but it shouldn't be an issue to report a security bug
like these.  It shouldn't be required that a person have to use this list
for support (but it happens) or for securit issues.  But other than this
list, it's almost impossible to contact you guys.  

> You don't have to be a professional. You simply have to be both competent
> in today's information society and *responsible* enough to warn a major
> company with 1000's of vulnerable customers that this bug exited. 
> 
> Matt Holdrege		http://www.ascend.com	matt@ascend.com

I'm sure in the future SNI will contact you directly then.

Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


References: