× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: Re: URGENT !! PTFs to fix another integrity problem
  • From: Eric Merritt <cyberlync@xxxxxxxxx>
  • Date: Thu, 27 Jul 2000 13:22:34 -0700 (PDT)

Here is the deal guys. Be aware there are two sets of
ptfs. This is strait from the AS400 Network ->

New PTFs Plug Password Security Hole
By Gary Guthrie 
Tech Editor
JUNE 14, 2000 — A serious AS/400 security exposure was
recently brought to IBM’s attention. Though IBM
encrypts passwords before storing them permanently,
your users’ passwords may have been compromised by the
fact that unencrypted passwords are also stored in
another location temporarily. If a hacker discovers
where and when the unencrypted passwords are stored,
he can use a simple technique to capture the
passwords, giving him access to your network
resources. 

IBM responded to this revelation in an expedient
manner and has issued the following PTFs: 


V3R2 — SF62947 
V4R1 — SF62944 
V4R1M4 — SF62945 
V4R2 — SF62946 
V4R3 — SF62894 
V4R4 — SF62895 
V4R5 — SF62896
Because of the other PTFs in the supercede chain, the
PTFs for V3R2 and V4R2 are delayed PTFs. You must IPL
to apply the PTFs for these releases. 

You should load and apply the appropriate PTF
immediately. You can download these PTFs on the
Internet using IBM’s iPTF facility at
http://as400service.ibm.com. Click the "Fixes,
Downloads and Updates" link and follow the links for
the AS/400 Internet PTF facility (iPTF). 

After loading and applying the PTF, you must end and
restart all subsystems to fully activate the fix.
Because passwords may have been compromised prior to
the PTF being applied to your system, it is strongly
recommended that after you activate the fix, you
require all users to change their passwords. 



-------------------------------------------------------
Tech Talk: More PTFs for More Password Security Holes
By Gary Guthrie 
Tech Editor
JULY 26, 2000 — You may recall that last month we
reported a serious security exposure in which your
passwords may have been compromised, along with a list
of PTFs to address the issue. Well, the AS/400
security fires continue to heat up with another round
of PTFs to address yet another serious security
exposure. As with last month’s problem, your passwords
may have been compromised by the fact that another
location has been found that contains easily obtained
unencrypted passwords. Again, IBM responded quickly to
this issue and released the following PTFs: 


V3R2 — SF63352 
V4R1 — SF63350 
V4R1M4 — SF63351 
V4R2 — SF63357 
V4R3 — SF63347 
V4R4 — SF63349
But be aware; this security hole isn’t the same as the
one discussed last month. Even if you’ve applied the
PTFs from last month’s fix, the exposure still exists.


My advice this month is that same as last month. You
should load and apply the appropriate PTF immediately.
You can download these PTFs on the Internet using
IBM’s iPTF facility at http://as400service.ibm.com.
Click the "Fixes, Downloads and Updates" link and
follow the links for the AS/400 Internet PTF facility
(iPTF). 

Because passwords may have been compromised prior to
the PTF being applied to your system, it is strongly
recommended that after you activate the fix, you
require all users to change their passwords. 



__________________________________________________
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/
+---
| This is the JAVA/400 Mailing List!
| To submit a new message, send your mail to JAVA400-L@midrange.com.
| To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
| To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: joe@zappie.net
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.