× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2000

Re: AS400 user password (fwd)

William Washington III wrote:

>Bottom line... a simple explanation is required as 
>to why the claim is made.

Standard tactic is to create a dictionary on one box then reverse lookup on
the target box.

>Don't tell the group "oh, you have to look at the 
>MI API's to figure it out."  Duh, who has access 
>to MI?  (Answer:  SECOFR and some service
>functions.)  

Um... not quite.  I can write MI without being QSECOFR.  Running the
resulting program on a SECLVL(50) box may be a trick...Look at the MI forum
on this listserv for details.

>And how will that help someone on the outside 
>break in a properly-secured system?  

This is the point exactly.  Without access a dictionary is not much good.
However, the claim was made in this very forum last year that access IS
possible.  That claim was never publicly refuted to my knowledge.

>Anything  less is simply an attempt to spread fear,
>uncertainty, and doubt in the community.

Steve's reputation speaks for itself on this regard.

>For what it's worth.... I'm truly interested in a public reply.

I can describe (theoretically) how to pick a lock without telling you how to
build the tools to actually do it yourself.  Similarly, I would expect this
thread to continue along theoretical lines.  I certainly don't want to give
the keys out to anybody, but pretending that keys can't be duplicated isn't
a very secure stance.  We should be aware of possible problems so that we
can take reasonable steps to prevent breaches on our systems.  Such a
discussion shouldn't require a detailed description of the tables to be
manipulated, etc.

Buck Calabro
Aptis; Albany, NY
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.