|
> Phil, > > I am a programmer and have the ability to get an AS400 really cheap. I mean > almost free if I wanted to. So it an old B10 system. Does it still have > the same encryption as a 720 running V4R4? The encryption method **may** change from release to release, but between machines on the same release, and from what I've played with, it **seems** the same method but who really knows ? > If so, I can hack away until I > crack the code. Now I have the program that I can post source for, sell, or > install on any system I get sufficient access to. Gee how many packages > have you installed that say to sign on as a security officer to install. > Any one of these packages could load this decryption program, and guess > what, your system is now hackable. > > No, I have no idea of where to start with encryption/decryption or any > desire to, but how many old AS400s are floating around? Once a hacker gets > a hold of one, look out. These were my exact sentiments in my second mail (the reply to Larry) > One should always check program authorities, adopted vs. owner for all > packages they install and make sure the owner is not a security > officer/administrator. Especially if requested to be installed from > QSECOFR. Very sound advice Chris, and vendors have yet to come up with a convincing reason why I need to be signed on as QSECOFR - if the software needs to create 'worker usrprfs' then document how I create them (i.e. if they use special jobds, outqs etc) by hand and I'll create them pre or post installation. --phil +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.