|
I think we have lived too long with the security issues on the 400 (with some, like the old, crackable DNS identified long ago). Groups like this have done much to get IBM moving, but in security, it will take something like CERTS advisories to truly keep their attention. The AIX group is constantly responding to CERTS. I asked CERTS about 6 months ago why the 400 is not ever listed. The response was a long winded thing that said nothing, but implied it took "vendor cooperation". Anyone have an idea how to make this happen (if you agree it's a good idea)? BTW - I've never felt it was IBM's Security Team as the problem - it's the management over them and the allocation of resources between teams. Jim Franz ----- Original Message ----- From: "Don" <dr2@cssas400.com> To: "Kurt Goolsbee" <K.goolsbee@pentasafe.com> Cc: <MI400@midrange.com> Sent: Friday, June 09, 2000 9:25 PM Subject: RE: AS400 user password > > Kurt, et al. > > Simple. I'm not sure that I wanted the talents of the MI'ers unleased on > the lesser responsible folks of the world who were more than eager to get > this latest IBM'ism for what can be considered to be no good. Further, I > didnt' want to put more ammo in the hands of folks that would do damage to > my clients than IBM already has...capice? > > The source items had been posted to MI400. And, I welcome any and all > future posting along simular line. If IBM continues to be a foot dragger, > perhaps those feet need to be shown the flames. > > What was posted here was verified by many of the great minds > on the list(no pun or flattery intended for there are some REALLY talented > folks on the MI list!). The implied threats after the cross postings were > real. However I had knowledge that this problem had been escalated to > highest order or attention(FINALLY!) and was being addressed with a soon > to follow response (read the PTF postings that followed). > > Do I think that it REALLY SUCKS that to get these problems addressed we > have to threaten the world each time!? You bet! > > Do I think that the MI list has the talent to evaluate these or future > threats and raise whatever hell where ever we feel it warrented to achieve > the desired end to a real problem? No arguments. > > Do I welcome activity such as we've seen in the last 3 or so days on MI to > get real problems addressed? Definately no question about it. > > Do I regret that we have to expend all this time and energy to get IBM to > do the job they should be (and should have done) to get holes fixed? You > bet! > > Am I as much concerned as you folks that when the 400 goes truely on the > net that it NOT be the security joke that eunochs and NT are? Yes. > > Am I going to take a .50cal dessert eagle to go small game hunting when a > .22 will do the job? Hell no. > > Kurt, et al, I think that the actions taken in the postings on the MI list > got the desired attention. I just wanted to give them a chance to react, > as they did, before folks released the big hydra on the unsuspecting > world, doing alot more potential damage. I knew damn good and well that > had there not been some fairly timely forthcoming reply, that no plea > would have been enough to stop the onslaught of code postings. > > When I created MI400, I created a tool for our mutual learning, > development, concern sharing and communication. I glad that it's in place > and I'm hoping that we continue the lively spirit that we've seen not just > in the last few days, but long into the future. And, that also by > definition includes postings as we've seen of late, by concerned indivuals > that have been rebuffed in thier bonifide attempts to right wrongs. > > Don in DC > > "Lead, follow or get the hell outta my way!" - Turner > > ------------- > > On Fri, 9 Jun 2000, Kurt Goolsbee wrote: > > > Don, > > > > Why would you not like to "see that source code posted here to God and the > > world."? > > > > > > +--- > | This is the MI Programmers Mailing List! > | To submit a new message, send your mail to MI400@midrange.com. > | To subscribe to this list send email to MI400-SUB@midrange.com. > | To unsubscribe from this list send email to MI400-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: dr2@cssas400.com > +--- +--- | This is the MI Programmers Mailing List! | To submit a new message, send your mail to MI400@midrange.com. | To subscribe to this list send email to MI400-SUB@midrange.com. | To unsubscribe from this list send email to MI400-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: dr2@cssas400.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.