|
Shalom's posts are always completely blank. Is this happening to anyone else? His post _does_ appear, quoted, in Mike's reply as you can seel below. But his original post was indeed blank. -- Jeff Crosby Dilgard Frozen Foods, Inc. P.O. Box 13369 Ft. Wayne, IN 46868-3369 260-422-7531 The opinions expressed are my own and not necessarily the opinion of my company. Unless I say so. > -----Original Message----- > From: midrange-l-bounces@xxxxxxxxxxxx > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of > Mike.Crump@xxxxxxxxxxxxxxxx > Sent: Monday, April 25, 2005 10:38 AM > To: Midrange Systems Technical Discussion > Subject: Re: Recent bugtraq postings > > > You know, I'm not even sure if I have the time to respond > completely to this and the listings. Suffice to say, not > sure if I would call them lies but there are assumptions and > inaccuracies. > > > Michael Crump > Manager, Computing Services > Saint-Gobain Containers > 1509 S. Macedonia Ave. > Muncie, IN 47302 > (765)741-7696 > (765)741-7012 f > (800)428-8642 > > "The probability that we may fail in the struggle ought not > to deter us from the support of a cause we believe to be > just" Abraham Lincoln > > > > > > > > > shalom@xxxxxxxxxx > > > > 04/25/2005 10:20 > To > AM > midrange-l@xxxxxxxxxxxx > > cc > > > Please respond to > Subject > Midrange Systems Re: Recent bugtraq > postings > Technical > > Discussion > > <midrange-l@midra > > nge.com> > > > > > > > > > Hey, > > Contrary to what was mentioned on this forum, the postings on > bugtraq do not contain any lies and do not contain any > technical inaccuracies. > If you do find any inaccurate statement, I would like to know > about it as soon as possible. > > Please, read the postings yourselves and do not rely on > second hand opinion. > > Enumerating users via LDAP: > http://www.securityfocus.com/archive/1/394308 > Enumerating users via FTP: > http://www.securityfocus.com/archive/1/394879 > Enumerating users via POP3: > http://www.securityfocus.com/archive/1/395969 > 5250 emulation back-door: > http://www.securityfocus.com/archive/1/394058 > Netcat reverse shell: > http://www.securityfocus.com/archive/1/394753 > FTP canonicalization problem: > http://www.securityfocus.com/archive/1/396628 > > > The FTP canonicalization based directory traversal is not > IBM's problem, it is a problem of the 3rd party security products. > Some of them were notified prior to publishing, and I waited > for a reasonable time before posting on bugtraq. > > The user enumeration techniques are low severity problems, > but problems they are, whether by design or by omission. > > (I really do not understand why LDAP and POP3 must be turned > on by default, but hey, who am I to tell IBM how to package > their products?) > > On the other hand, the 5250 back-door and the reverse shell > are potentially dangerous to the corporate environment. > > I do not sell solutions - there are enough iSeries solution makers. > I provide information about problems that sometimes exist in > unforeseen places. > > BTW, IBM refused several times to answer my queries about > some of the issues. I was asked to supply a valid service > agreement before anyone would talk to me. > > Well, I do not even have an iSeries server, so this obviously > was out of the question.. > > > Shalom Carmel > ------------- > www.venera.com - Exposing iSeries insecurity > > -- > This is the Midrange Systems Technical Discussion > (MIDRANGE-L) mailing list To post a message email: > MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change > list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, > please take a moment to review the archives at > http://archive.midrange.com/midrange-l. > > -- > This is the Midrange Systems Technical Discussion > (MIDRANGE-L) mailing list To post a message email: > MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change > list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, > please take a moment to review the archives at > http://archive.midrange.com/midrange-l. > > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.