Re: No single case of hacking...

----- Original Message -----
From: Joe Pluta <joepluta@PlutaBrothers.com>
To: <MI400@midrange.com>
Sent: Thursday, June 07, 2001 10:12 AM
Subject: RE: No single case of hacking...


> Leif, while I agree my machine doesn't prove much about AS/400 security, it
> does prove a lot about Internet security. <grin>
>
> My machine is not "locked down too tight".

===> I said: "for this", i.e. the experiment.

> On the other hand, if I were to give you the appropriate passwords, etc.,
> you could also access my machine through 5250 - I just don't make that sort
> of information public.  Which is the way it's supposed to be.

===> assume that I knew the passwords, I still cannot telnet to your box,
so what do you mean by "you could also access my machine" ?


>
> On the third hand, if this were a Microsoft IIS server, you could break
> through one of the many known security holes and get into my server and
thus
> my system, even with just port 80 access.  In this regard, the IBM HTTP
> server is a much more secure web server than IIS.
>

agree that IIS is junk, but as the AS/400 slides more and more into Unix land
maybe some of the holes will appear. How abbot running Apache on the box?
No holes in Apache?


+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---