Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) In Defense Of Ascend...
On Wed, 18 Mar 1998, Matt Holdrege wrote:
> Judging from this statement alone, I'd have to say you have set new bounds
> on incompetency. Ascend is a global company (all the offices are on our web
> page) with an easy U.S. 800 number to find (800-ASCEND-4) and more than one
> public users list that I and other Ascend employees post to. We also post
> to USENET. If you had let us know about this we would have jumped all over
> it as we are doing now.
Every hardware/software vendor should have a Cert contact. That fact that
you don't have one is sad, and definitely speaks a little on your
interest in security. I agree with Mr. Knox that CERT is mostly a joke
these days with advisiories of exploits widely known in the underground
and security communities for 6 months or greater, but many people use
their vendor contacts to contact a security person.
> You could have searched alta-vista to find the users list, searched RFC's
> for names of technical Ascend people, called the local sales office for an
> SE. You could have done anything other than contacting our general tech
> support line. Our tech support people get thousands of calls and emails per
> day on a wide variety of issues. I expect the person screening emails
> didn't know what do make of your message. Since you didn't hear back, YOU
> should have made a better effort to contact one of us. It is simply not
> that hard.
You've obviously never lived on the "outside" of Ascend then. Unless I
raise hell on this list, I get little to no response from Ascend. Kevin
usually does a good job of getting someone to call me to help with my
problems (and I don't think I've ever told him thank you, so Here it is
Kev. Thank you.), but it shouldn't be an issue to report a security bug
like these. It shouldn't be required that a person have to use this list
for support (but it happens) or for securit issues. But other than this
list, it's almost impossible to contact you guys.
> You don't have to be a professional. You simply have to be both competent
> in today's information society and *responsible* enough to warn a major
> company with 1000's of vulnerable customers that this bug exited.
>
> Matt Holdrege http://www.ascend.com matt@ascend.com
I'm sure in the future SNI will contact you directly then.
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: