Since I discovered this vulnerability during a penetration test on a client system I did not have adequate time to fully investigate the problem. I apologize for the 'misinformation', which I had cross-checked with HP prior to posting. However, of the three such systems I attempted to exploit, it did not only affect NES but other applications they had bound as well. It may warrant another look. Secondly, the Virtual Vault's product brief it states that it 'utilizes tough B1 and B2 standards' therefore I felt it was safe to use the word 'utilize' and 'comply' interchangeably. I never mentioned that the virtual vault operating system was reviewed and/or certified at the B2 level. John Daniele jdanieleat_private VOX: (416) 777-3759
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:04 PDT