|
Hi all and Chuck I am getting the feeling we are exagerating in this cover up in the past when security holes and other OS holes we were alwaise ready to inform others of the how to and the fix to it as well My question is why are you so protestive toword IBM they shold be critisized the same way as others after all this just proves AS400 is vulnerable to smart minds. I personally found out how to do it and I have shared it with my collegus and other AS400 profesionals for the purpose of awareness not hacking who has the time for that. Regards Joel >From: Chuck Lewis <clewis@iquest.net> >Reply-To: JAVA400-L@midrange.com >To: JAVA400-L@midrange.com >Subject: Re: URGENT !! PTFs to fix another integrity problem >Date: Fri, 28 Jul 2000 07:28:50 +0100 > >Right you are Eric ! > >The first problem was discovered last month and dealt with fairly quickly >(even >though it had been around since the S/38 days from what I hear - someone >correct me if I am wrong !!! So warn any S/38 shops you know of <BG>) > >Chuck > >Eric Merritt wrote: > > > Here is the deal guys. Be aware there are two sets of > > ptfs. This is strait from the AS400 Network -> > > > > New PTFs Plug Password Security Hole > > By Gary Guthrie > > Tech Editor > > JUNE 14, 2000 — A serious AS/400 security exposure was > > recently brought to IBM’s attention. Though IBM > > encrypts passwords before storing them permanently, > > your users’ passwords may have been compromised by the > > fact that unencrypted passwords are also stored in > > another location temporarily. If a hacker discovers > > where and when the unencrypted passwords are stored, > > he can use a simple technique to capture the > > passwords, giving him access to your network > > resources. > > > > IBM responded to this revelation in an expedient > > manner and has issued the following PTFs: > > > > V3R2 — SF62947 > > V4R1 — SF62944 > > V4R1M4 — SF62945 > > V4R2 — SF62946 > > V4R3 — SF62894 > > V4R4 — SF62895 > > V4R5 — SF62896 > > Because of the other PTFs in the supercede chain, the > > PTFs for V3R2 and V4R2 are delayed PTFs. You must IPL > > to apply the PTFs for these releases. > > > > You should load and apply the appropriate PTF > > immediately. You can download these PTFs on the > > Internet using IBM’s iPTF facility at > > http://as400service.ibm.com. Click the "Fixes, > > Downloads and Updates" link and follow the links for > > the AS/400 Internet PTF facility (iPTF). > > > > After loading and applying the PTF, you must end and > > restart all subsystems to fully activate the fix. > > Because passwords may have been compromised prior to > > the PTF being applied to your system, it is strongly > > recommended that after you activate the fix, you > > require all users to change their passwords. > > > > ------------------------------------------------------- > > Tech Talk: More PTFs for More Password Security Holes > > By Gary Guthrie > > Tech Editor > > JULY 26, 2000 — You may recall that last month we > > reported a serious security exposure in which your > > passwords may have been compromised, along with a list > > of PTFs to address the issue. Well, the AS/400 > > security fires continue to heat up with another round > > of PTFs to address yet another serious security > > exposure. As with last month’s problem, your passwords > > may have been compromised by the fact that another > > location has been found that contains easily obtained > > unencrypted passwords. Again, IBM responded quickly to > > this issue and released the following PTFs: > > > > V3R2 — SF63352 > > V4R1 — SF63350 > > V4R1M4 — SF63351 > > V4R2 — SF63357 > > V4R3 — SF63347 > > V4R4 — SF63349 > > But be aware; this security hole isn’t the same as the > > one discussed last month. Even if you’ve applied the > > PTFs from last month’s fix, the exposure still exists. > > > > My advice this month is that same as last month. You > > should load and apply the appropriate PTF immediately. > > You can download these PTFs on the Internet using > > IBM’s iPTF facility at http://as400service.ibm.com. > > Click the "Fixes, Downloads and Updates" link and > > follow the links for the AS/400 Internet PTF facility > > (iPTF). > > > > Because passwords may have been compromised prior to > > the PTF being applied to your system, it is strongly > > recommended that after you activate the fix, you > > require all users to change their passwords. > > > > __________________________________________________ > > Do You Yahoo!? > > Kick off your party with Yahoo! Invites. > > http://invites.yahoo.com/ > > +--- > > | This is the JAVA/400 Mailing List! > > | To submit a new message, send your mail to JAVA400-L@midrange.com. > > | To subscribe to this list send email to JAVA400-L-SUB@midrange.com. > > | To unsubscribe from this list send email to >JAVA400-L-UNSUB@midrange.com. > > | Questions should be directed to the list owner: joe@zappie.net > > +--- > >+--- >| This is the JAVA/400 Mailing List! >| To submit a new message, send your mail to JAVA400-L@midrange.com. >| To subscribe to this list send email to JAVA400-L-SUB@midrange.com. >| To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com. >| Questions should be directed to the list owner: joe@zappie.net >+--- ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com +--- | This is the JAVA/400 Mailing List! | To submit a new message, send your mail to JAVA400-L@midrange.com. | To subscribe to this list send email to JAVA400-L-SUB@midrange.com. | To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com. | Questions should be directed to the list owner: joe@zappie.net +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.