• Subject: RE: Rewarding Challenge AS/400
  • From: Chris Bipes <ChrisB@xxxxxxxxxxxxxxx>
  • Date: Mon, 27 Sep 1999 08:19:18 -0700

Besides, how can someone get to your password file.  They must first has
access to this file.  Only QSECOFR or QSYS should have access and no other
profiles.  If someone is allowed to download this file, well it will be
cracked, whether they know the encryption scheme or not.  Make sure that
your user profiles and passwords are secure by securing the files they are
stored in.  Make sure that no one has access to the profiles that have
access to the files.  The biggest security hole is signing on with these
profiles from your LAN not using a secure connections.  Our policy is to not
allow security officers to use virtual devices.  PERIOD.  Perhaps others
should have the same type of policies.

Christopher K. Bipes    mailto:ChrisB@Cross-Check.com
Sr. Programmer/Analyst  mailto:Chris_Bipes@Yahoo.com
CrossCheck, Inc.                http://www.cross-check.com
6119 State Farm Drive   Phone: 707 586-0551 x 1102
Rohnert Park CA  94928  Fax: 707 586-1884

*Note to Recruiters
I nor anyone that I know of is interested in any new and/or exciting
positions. Please do not contact me.
 

-----Original Message-----
From: Jim Langston [mailto:jlangston@conexfreight.com]
Sent: Monday, September 27, 1999 7:31 AM
To: MIDRANGE-L@midrange.com
Subject: Re: Rewarding Challenge AS/400


Okay, what about the messages we get on the net about the security
holes in Outlook?  Internet Explorer?  Netscape?

These holes exist, and need to be plugged, and you will notice that when
one of these holes is found and exposed, there is a scramble by Microsoft
or Netscape to close them as quickly as possible.  I have seen some holes
closed within a matter of 24 hours.

If there is a security risk on the AS/400, I want to know what it is, and
how
to do it.  Not so I can do it, but so that I can do something about it!
Knowing
that there is a security hole in the passwords it makes me aware of how
critical it is to keep my user profiles away from prying eyes.

The crackers already know.  There are so many password crackers out on
the net it is not funny.  I think it is a very good idea for us to know the
same
information as the people who are trying to get into our systems.

In this case, I do not believe that ignorance is bliss.

Regards,

Jim Langston

Colin Williams wrote:

> Haven't you just told everyone how to decrypt as400 passwords?
>
> If so, isnt that very irresponsible?

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact [javascript protected email address].