MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » November 2006

Re: iSeries Security in Computerworld



fixed

   The Peter Principle...........  :-))
   -- 

   Paul Nelson
   Arbor Solutions, Inc.
   708-670-6978  Cell
   pnelson@xxxxxxxxxx
   -----midrange-l-bounces@xxxxxxxxxxxx wrote: -----

     To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
     From: rob@xxxxxxxxx
     Sent by: midrange-l-bounces@xxxxxxxxxxxx
     Date: 11/08/2006 08:16AM
     Subject: Re: iSeries Security in Computerworld

     Had that same issue here, only it was with check stubs.  Had a gal
     complained that her check was wrong.  Found out she was looking at the
     wrong stub and associating it with her paycheck.  All while looking at
     the
     spool file.
     They promoted her to director of personnel.

     Rob Berendt
     --
     Group Dekko Services, LLC
     Dept 01.073
     PO Box 2000
     Dock 108
     6928N 400E
     Kendallville, IN 46755
     http://www.dekko.com

     pnelson@xxxxxxxxxx
     Sent by: midrange-l-bounces@xxxxxxxxxxxx
     11/03/2006 04:17 PM
     Please respond to
     Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>

     To
     Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
     cc

     Subject
     Re: iSeries Security in Computerworld

       I once had a client who swore she was secure. She gave me *user
     authority.
       A few minutes later I remarked (somewhat jokingly) that she was
     overpaid.
       She had output queues named for previous years, and those output
     queues
       contained saved W2 spool files.
       *SPLCTL
       --

       Paul Nelson
       Arbor Solutions, Inc.
       708-670-6978  Cell
       pnelson@xxxxxxxxxx
       -----midrange-l-bounces@xxxxxxxxxxxx wrote: -----

         To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
         From: Don <dr2@xxxxxxxx>
         Sent by: midrange-l-bounces@xxxxxxxxxxxx
         Date: 11/03/2006 04:13PM
         Subject: Re: iSeries Security in Computerworld

         I'll never forget back several years ago when I walked into the head
     of
         accounting for a municipality in the SE, walked up to her terminal,
         created
         my own USRPRF on the fly from a signon screen and in 4 minutes was
         playing
         in her payroll and G/L....I think they were at seclvl(10) or
         lower...forget
         back then...  The problem here was that their business pudnah had
     set
     it
         up
         that way and told them to leave it alone so that they could dial in
         easily...or some other stupid stuff...  Well, they changed a few
     things
         the
         next day...  Not sure if they're still with the same pudnah... :)

         Don in DC

         ------------------------

         At 02:53 PM 11/3/2006 -0600, you wrote:
         >I remember being able to log on remotely to another state agency's
         >system as QSECOFR QSECOFR not too many years ago.  They thought
     they
         >could achieve security through obscurity until I pointed out how
         >vulnerable they were.

         --
         This is the Midrange Systems Technical Discussion (MIDRANGE-L)
     mailing
         list
         To post a message email: MIDRANGE-L@xxxxxxxxxxxx
         To subscribe, unsubscribe, or change list options,
         visit: http://lists.midrange.com/mailman/listinfo/midrange-l
         or email: MIDRANGE-L-request@xxxxxxxxxxxx
         Before posting, please take a moment to review the archives
         at http://archive.midrange.com/midrange-l.
     --
     This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
     list
     To post a message email: MIDRANGE-L@xxxxxxxxxxxx
     To subscribe, unsubscribe, or change list options,
     visit: http://lists.midrange.com/mailman/listinfo/midrange-l
     or email: MIDRANGE-L-request@xxxxxxxxxxxx
     Before posting, please take a moment to review the archives
     at http://archive.midrange.com/midrange-l.

     --
     This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
     list
     To post a message email: MIDRANGE-L@xxxxxxxxxxxx
     To subscribe, unsubscribe, or change list options,
     visit: http://lists.midrange.com/mailman/listinfo/midrange-l
     or email: MIDRANGE-L-request@xxxxxxxxxxxx
     Before posting, please take a moment to review the archives
     at http://archive.midrange.com/midrange-l.





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact