Yep, was JUST reading that at lunch, Dan!

Chuck

"Eyers, Daniel" wrote:

> Interesting article from Computerworld that has some merit, given the recent
> discussion...
>
> Debate erupts over disclosure of software security holes
>
> A keynote speaker at the Black Hat Briefings conference argued that the full
> disclosure of software holes is only encouraging more security attacks - a
> claim that other attendees, including well-known security expert Mudge,
> disputed.
>
> http://www.computerworld.com/cwi/story/0%2C1199%2CNAV47_STO47589%2C00.html?pm
>
> dan
>
> -----Original Message-----
> From: Eric Merritt [mailto:cyberlync@yahoo.com]
> Sent: Thursday, July 27, 2000 4:23 PM
> To: JAVA400-L@midrange.com
> Subject: Re: URGENT !! PTFs to fix another integrity problem
>
> Here is the deal guys. Be aware there are two sets of PTFs. This is
> straight from the AS400 Network ->
>
> New PTFs Plug Password Security Hole
> By Gary Guthrie
> Tech Editor
> JUNE 14, 2000 - A serious AS/400 security exposure was recently brought to
> IBM's attention. Though IBM encrypts passwords before storing them
> permanently, your users' passwords may have been compromised by the fact
> that unencrypted passwords are also stored in another location temporarily.
> If a hacker discovers where and when the unencrypted passwords are stored,
> he can use a simple technique to capture the passwords, giving him access
> to your network resources.
>
> IBM responded to this revelation in an expedient manner and has issued the
> following PTFs:
>
> V3R2 - SF62947
> V4R1 - SF62944
> V4R1M4 - SF62945
> V4R2 - SF62946
> V4R3 - SF62894
> V4R4 - SF62895
> V4R5 - SF62896
>
> Because of the other PTFs in the supersede chain, the PTFs for V3R2 and
> V4R2 are delayed PTFs. You must IPL to apply the PTFs for these releases.
>
> You should load and apply the appropriate PTF immediately. You can download
> these PTFs on the Internet using IBM's iPTF facility at
> http://as400service.ibm.com. Click the "Fixes, Downloads and Updates" link
> and follow the links for the AS/400 Internet PTF facility (iPTF).
>
> After loading and applying the PTF, you must end and restart all subsystems
> to fully activate the fix. Because passwords may have been compromised
> prior to the PTF being applied to your system, it is strongly recommended
> that after you activate the fix, you require all users to change their
> passwords.
>
> -------------------------------------------------------
> Tech Talk: More PTFs for More Password Security Holes
> By Gary Guthrie
> Tech Editor
> JULY 26, 2000 - You may recall that last month we reported a serious
> security exposure in which your passwords may have been compromised, along
> with a list of PTFs to address the issue. Well, the AS/400 security fires
> continue to heat up with another round of PTFs to address yet another
> serious security exposure. As with last month's problem, your passwords may
> have been compromised by the fact that another location has been found that
> contains easily obtained unencrypted passwords. Again, IBM responded
> quickly to this issue and released the following PTFs:
>
> V3R2 - SF63352
> V4R1 - SF63350
> V4R1M4 - SF63351
> V4R2 - SF63357
> V4R3 - SF63347
> V4R4 - SF63349
>
> But be aware; this security hole isn't the same as the one discussed last
> month. Even if you've applied the PTFs from last month's fix, the exposure
> still exists.
>
> My advice this month is the same as last month. You should load and apply
> the appropriate PTF immediately. You can download these PTFs on the
> Internet using IBM's iPTF facility at http://as400service.ibm.com. Click
> the "Fixes, Downloads and Updates" link and follow the links for the AS/400
> Internet PTF facility (iPTF).
>
> Because passwords may have been compromised prior to the PTF being applied
> to your system, it is strongly recommended that after you activate the fix,
> you require all users to change their passwords.
>
> +---
> | This is the JAVA/400 Mailing List!
> | To submit a new message, send your mail to JAVA400-L@midrange.com.
> | To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
> | To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner: joe@zappie.net
> +---