I once had a client who swore she was secure. She gave me *user authority.
A few minutes later I remarked (somewhat jokingly) that she was overpaid.
She had output queues named for previous years, and those output queues
contained saved W2 spool files.
*SPLCTL
--
Paul Nelson
Arbor Solutions, Inc.
708-670-6978 Cell
pnelson@xxxxxxxxxx
-----midrange-l-bounces@xxxxxxxxxxxx wrote: -----
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
From: Don <dr2@xxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
Date: 11/03/2006 04:13PM
Subject: Re: iSeries Security in Computerworld
I'll never forget back several years ago when I walked into the head of
accounting for a municipality in the SE, walked up to her terminal,
created
my own USRPRF on the fly from a signon screen and in 4 minutes was
playing
in her payroll and G/L....I think they were at seclvl(10) or
lower...forget
back then... The problem here was that their business pudnah had set it
up
that way and told them to leave it alone so that they could dial in
easily...or some other stupid stuff... Well, they changed a few things
the
next day... Not sure if they're still with the same pudnah... :)
Don in DC
------------------------
At 02:53 PM 11/3/2006 -0600, you wrote:
>I remember being able to log on remotely to another state agency's
>system as QSECOFR QSECOFR not too many years ago. They thought they
>could achieve security through obscurity until I pointed out how
>vulnerable they were.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
