2018-01-16 12:27 PM
This morning I saw a security "advisory" from RSA, claiming that their Security Analytics/NetWitness hardware is not affected when nearly every device with a processor made in the last decade is vulnerable. Is this a typo mistake?
This is from your hardware provider claiming otherwise.
This is from your CPU manufacturer again claiming otherwise.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
In security industry, the common terminology used is vulnerable and exploitable.
RSA chose to use the non security industry standard word "impacted" in their advisory which does not allow the reader to understand what they mean.
Are you saying that your hardware is not vulnerable when your vendors say that it is?
Or implying that since there is no easy exploit for it therefore you are not vulnerable?
2018-01-16 03:16 PM
For details on the impact statement for RSA NetWitness products, please refer to the KB article at https://community.rsa.com/docs/DOC-85418. If there are any further concerns or questions, please open a Support Case for further assistance.
2018-01-16 03:16 PM
For details on the impact statement for RSA NetWitness products, please refer to the KB article at https://community.rsa.com/docs/DOC-85418. If there are any further concerns or questions, please open a Support Case for further assistance.