Re: Format DASD?

Eric,

In a message dated 9/2/99 3:38:41 PM Eastern Daylight Time, eric@tsoft.com 
writes:

>   You know, I've asked this question before and have never got a straight 
>  answer from anyone including my IBM business partner.  Is there some 
>  concern that a hacker will read this and find out how to "kill" an AS/400? 
>   Surely there is something within SST that will do this.

We had many _lengthy_ discussions on this subject here years ago when the 
AS/400 was first entering "e-business" and there were quite serious security 
holes surrounding the various IBM supplied connectivity products and OS/400 
itself.  Should we even talk about it?  How much should we say?  Will 
providing details help users or hackers more?  Things like that, they may 
even still be in the archives.

Thanks in part to members of this list, the COMMON security task force, and a 
BOF that (doggone it!) lasted until CUDS had closed, IBM resolved most of 
these issues.  Now that the full AS/400 documentation is available for free 
on the web, the point is moot.  We still shouldn't share simple hacks (like 
system-supplied user profiles and their default passwords) just the same, but 
that information is now freely available to anyone that wants it.  IBM has 
plugged _most_ of the "as shipped" holes.  Anyone that doesn't follow the 
manuals and plug the rest on their own at installation time gets what they 
paid for...

JMHO,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"We know what a person thinks not when he tells us what he thinks, but by his 
actions." -- Isaac Bashevis Singer
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---