× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: Re: Rewarding challenge AS/400...
  • From: "Phil Hall" <hallp@xxxxxxxx>
  • Date: Thu, 16 Sep 1999 22:43:59 -0500

> Phil,
>
> I am a programmer and have the ability to get an AS400 really cheap.  I
mean
> almost free if I wanted to.  So it an old B10 system.  Does it still have
> the same encryption as a 720 running V4R4?

The encryption method **may** change from release to release, but between
machines on the same release, and from what I've played with, it **seems**
the same method but who really knows ?

> If so,  I can hack away until I
> crack the code.  Now I have the program that I can post source for, sell,
or
> install on any system I get sufficient access to.  Gee how many packages
> have you installed that say to sign on as a security officer to install.
> Any one of these packages could load this decryption program, and guess
> what, your system is now hackable.
>
> No, I have no idea of where to start with encryption/decryption or any
> desire to, but how many old AS400s are floating around?  Once a hacker
gets
> a hold of one,  look out.

These were my exact sentiments in my second mail (the reply to Larry)

> One should always check program authorities, adopted vs. owner for all
> packages they install and make sure the owner is not a security
> officer/administrator.  Especially if requested to be installed from
> QSECOFR.

Very sound advice Chris, and vendors have yet to come up with a convincing
reason why I need to be signed on as QSECOFR - if the software needs to
create 'worker usrprfs' then document how I create them (i.e. if they use
special jobds, outqs etc) by hand and I'll create them pre or post
installation.

--phil

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.