|
Here is the deal guys. Be aware there are two sets of ptfs. This is strait from the AS400 Network -> New PTFs Plug Password Security Hole By Gary Guthrie Tech Editor JUNE 14, 2000 — A serious AS/400 security exposure was recently brought to IBM’s attention. Though IBM encrypts passwords before storing them permanently, your users’ passwords may have been compromised by the fact that unencrypted passwords are also stored in another location temporarily. If a hacker discovers where and when the unencrypted passwords are stored, he can use a simple technique to capture the passwords, giving him access to your network resources. IBM responded to this revelation in an expedient manner and has issued the following PTFs: V3R2 — SF62947 V4R1 — SF62944 V4R1M4 — SF62945 V4R2 — SF62946 V4R3 — SF62894 V4R4 — SF62895 V4R5 — SF62896 Because of the other PTFs in the supercede chain, the PTFs for V3R2 and V4R2 are delayed PTFs. You must IPL to apply the PTFs for these releases. You should load and apply the appropriate PTF immediately. You can download these PTFs on the Internet using IBM’s iPTF facility at http://as400service.ibm.com. Click the "Fixes, Downloads and Updates" link and follow the links for the AS/400 Internet PTF facility (iPTF). After loading and applying the PTF, you must end and restart all subsystems to fully activate the fix. Because passwords may have been compromised prior to the PTF being applied to your system, it is strongly recommended that after you activate the fix, you require all users to change their passwords. ------------------------------------------------------- Tech Talk: More PTFs for More Password Security Holes By Gary Guthrie Tech Editor JULY 26, 2000 — You may recall that last month we reported a serious security exposure in which your passwords may have been compromised, along with a list of PTFs to address the issue. Well, the AS/400 security fires continue to heat up with another round of PTFs to address yet another serious security exposure. As with last month’s problem, your passwords may have been compromised by the fact that another location has been found that contains easily obtained unencrypted passwords. Again, IBM responded quickly to this issue and released the following PTFs: V3R2 — SF63352 V4R1 — SF63350 V4R1M4 — SF63351 V4R2 — SF63357 V4R3 — SF63347 V4R4 — SF63349 But be aware; this security hole isn’t the same as the one discussed last month. Even if you’ve applied the PTFs from last month’s fix, the exposure still exists. My advice this month is that same as last month. You should load and apply the appropriate PTF immediately. You can download these PTFs on the Internet using IBM’s iPTF facility at http://as400service.ibm.com. Click the "Fixes, Downloads and Updates" link and follow the links for the AS/400 Internet PTF facility (iPTF). Because passwords may have been compromised prior to the PTF being applied to your system, it is strongly recommended that after you activate the fix, you require all users to change their passwords. __________________________________________________ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ +--- | This is the JAVA/400 Mailing List! | To submit a new message, send your mail to JAVA400-L@midrange.com. | To subscribe to this list send email to JAVA400-L-SUB@midrange.com. | To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com. | Questions should be directed to the list owner: joe@zappie.net +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.