|
midrange.com
Trust me. This can happen. I've borne the brunt of one such phone call,
(after the fact), although it was done more politely. Even though I did
wait until an APAR declared the situation a 'Permanent Restriction', which
my squawking got lifted.
leif@ibm.net on 09/28/99 07:18:04 PM
Please respond to MIDRANGE-L@midrange.com@Internet
To: MIDRANGE-L@midrange.com@Internet
cc:
Fax to:
Subject: Re: Rewarding Challenge AS/400
see below.
Someone has raised the point about the publication & response by IBM to
security exposures. I have often wondered why the notification services like
CERT, never report AS/400 problems. They certainly do report http, java,
WebSphere , SQL and other problems, all of which OS/400 works with. But the
reports are always about WinXX, Linux, Unix, NT, Sun, and a few others.
(Actually I do know why - most of the universe doesn't know or understand what
an AS/400 is). BTW, CERT is a good place to get free info on security
exposures, and a free e-mail alert service. Our government at work. CERTŠ
Coordination Center
----------------------------------
When we first told IBM about our findings, there response was some like
this (I can't remember the exact words - because it was always verbal):
If you go public with this we will cut you off (we are a business partner of
IBM).
We will bury you. We will make sure you go out of business. Don't rock
the boat.
----------------------------------------
how is that for irresponsibility ???
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content="text/html; charset=iso-8859-1" http-equiv=Content-Type> <META content="MSHTML 5.00.2014.210" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT size=2>see below.</FONT></DIV> <BLOCKQUOTE style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px"> <DIV> Someone has raised the point about the publication & response by IBM to security exposures. I have often wondered why the notification services like CERT, never report AS/400 problems. They certainly do report http, java, WebSphere , SQL and other problems, all of which OS/400 works with. But the reports are always about WinXX, Linux, Unix, NT, Sun, and a few others. (Actually I do know why - most of the universe doesn't know or understand what an AS/400 is). BTW, CERT is a good place to get free info on security exposures, and a free e-mail alert service. Our government at work. <A href="http://www.cert.org">CERT Coordination Center</A> <BR></DIV> <DIV><FONT size=2>----------------------------------</FONT></DIV> <DIV> </DIV> <DIV><FONT size=2>When we first told IBM about our findings, there response was some like</FONT></DIV> <DIV><FONT size=2>this (I can't remember the exact words - because it was always verbal):</FONT></DIV> <DIV> </DIV> <DIV><FONT size=2>If you go public with this we will cut you off (we are a business partner of IBM).</FONT></DIV> <DIV><FONT size=2>We will bury you. We will make sure you go out of business. Don't rock</FONT></DIV> <DIV><FONT size=2>the boat.</FONT></DIV> <DIV> </DIV> <DIV><FONT size=2>----------------------------------------</FONT></DIV> <DIV> </DIV> <DIV><FONT size=2>how is that for irresponsibility ???</FONT></DIV> <DIV> </DIV></BLOCKQUOTE></BODY></HTML>
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
