|
Besides, how can someone get to your password file. They must first has access to this file. Only QSECOFR or QSYS should have access and no other profiles. If someone is allowed to download this file, well it will be cracked, whether they know the encryption scheme or not. Make sure that your user profiles and passwords are secure by securing the files they are stored in. Make sure that no one has access to the profiles that have access to the files. The biggest security hole is signing on with these profiles from your LAN not using a secure connections. Our policy is to not allow security officers to use virtual devices. PERIOD. Perhaps others should have the same type of policies. Christopher K. Bipes mailto:ChrisB@Cross-Check.com Sr. Programmer/Analyst mailto:Chris_Bipes@Yahoo.com CrossCheck, Inc. http://www.cross-check.com 6119 State Farm Drive Phone: 707 586-0551 x 1102 Rohnert Park CA 94928 Fax: 707 586-1884 *Note to Recruiters I nor anyone that I know of is interested in any new and/or exciting positions. Please do not contact me. -----Original Message----- From: Jim Langston [mailto:jlangston@conexfreight.com] Sent: Monday, September 27, 1999 7:31 AM To: MIDRANGE-L@midrange.com Subject: Re: Rewarding Challenge AS/400 Okay, what about the messages we get on the net about the security holes in Outlook? Internet Explorer? Netscape? These holes exist, and need to be plugged, and you will notice that when one of these holes is found and exposed, there is a scramble by Microsoft or Netscape to close them as quickly as possible. I have seen some holes closed within a matter of 24 hours. If there is a security risk on the AS/400, I want to know what it is, and how to do it. Not so I can do it, but so that I can do something about it! Knowing that there is a security hole in the passwords it makes me aware of how critical it is to keep my user profiles away from prying eyes. The crackers already know. There are so many password crackers out on the net it is not funny. I think it is a very good idea for us to know the same information as the people who are trying to get into our systems. In this case, I do not believe that ignorance is bliss. Regards, Jim Langston Colin Williams wrote: > Haven't you just told everyone how to decrypt as400 passwords? > > If so, isnt that very irresponsible? +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
