|
Right you are Eric ! The first problem was discovered last month and dealt with fairly quickly (even though it had been around since the S/38 days from what I hear - someone correct me if I am wrong !!! So warn any S/38 shops you know of <BG>) Chuck Eric Merritt wrote: > Here is the deal guys. Be aware there are two sets of > ptfs. This is strait from the AS400 Network -> > > New PTFs Plug Password Security Hole > By Gary Guthrie > Tech Editor > JUNE 14, 2000 — A serious AS/400 security exposure was > recently brought to IBM’s attention. Though IBM > encrypts passwords before storing them permanently, > your users’ passwords may have been compromised by the > fact that unencrypted passwords are also stored in > another location temporarily. If a hacker discovers > where and when the unencrypted passwords are stored, > he can use a simple technique to capture the > passwords, giving him access to your network > resources. > > IBM responded to this revelation in an expedient > manner and has issued the following PTFs: > > V3R2 — SF62947 > V4R1 — SF62944 > V4R1M4 — SF62945 > V4R2 — SF62946 > V4R3 — SF62894 > V4R4 — SF62895 > V4R5 — SF62896 > Because of the other PTFs in the supercede chain, the > PTFs for V3R2 and V4R2 are delayed PTFs. You must IPL > to apply the PTFs for these releases. > > You should load and apply the appropriate PTF > immediately. You can download these PTFs on the > Internet using IBM’s iPTF facility at > http://as400service.ibm.com. Click the "Fixes, > Downloads and Updates" link and follow the links for > the AS/400 Internet PTF facility (iPTF). > > After loading and applying the PTF, you must end and > restart all subsystems to fully activate the fix. > Because passwords may have been compromised prior to > the PTF being applied to your system, it is strongly > recommended that after you activate the fix, you > require all users to change their passwords. > > ------------------------------------------------------- > Tech Talk: More PTFs for More Password Security Holes > By Gary Guthrie > Tech Editor > JULY 26, 2000 — You may recall that last month we > reported a serious security exposure in which your > passwords may have been compromised, along with a list > of PTFs to address the issue. Well, the AS/400 > security fires continue to heat up with another round > of PTFs to address yet another serious security > exposure. As with last month’s problem, your passwords > may have been compromised by the fact that another > location has been found that contains easily obtained > unencrypted passwords. Again, IBM responded quickly to > this issue and released the following PTFs: > > V3R2 — SF63352 > V4R1 — SF63350 > V4R1M4 — SF63351 > V4R2 — SF63357 > V4R3 — SF63347 > V4R4 — SF63349 > But be aware; this security hole isn’t the same as the > one discussed last month. Even if you’ve applied the > PTFs from last month’s fix, the exposure still exists. > > My advice this month is that same as last month. You > should load and apply the appropriate PTF immediately. > You can download these PTFs on the Internet using > IBM’s iPTF facility at http://as400service.ibm.com. > Click the "Fixes, Downloads and Updates" link and > follow the links for the AS/400 Internet PTF facility > (iPTF). > > Because passwords may have been compromised prior to > the PTF being applied to your system, it is strongly > recommended that after you activate the fix, you > require all users to change their passwords. > > __________________________________________________ > Do You Yahoo!? > Kick off your party with Yahoo! Invites. > http://invites.yahoo.com/ > +--- > | This is the JAVA/400 Mailing List! > | To submit a new message, send your mail to JAVA400-L@midrange.com. > | To subscribe to this list send email to JAVA400-L-SUB@midrange.com. > | To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com. > | Questions should be directed to the list owner: joe@zappie.net > +--- +--- | This is the JAVA/400 Mailing List! | To submit a new message, send your mail to JAVA400-L@midrange.com. | To subscribe to this list send email to JAVA400-L-SUB@midrange.com. | To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com. | Questions should be directed to the list owner: joe@zappie.net +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.