|
I knew of a company that when they ran their payroll on the S/36, for managers: All comm outside of the computer room was cut. The payroll data was restored. Process ran Payroll saved. Payroll deleted with ERASE option to write binary zeros over all data. DBale@lear.com on 06/14/2000 11:46:51 AM Please respond to MIDRANGE-L@midrange.com@Internet To: MIDRANGE-L@midrange.com@Internet cc: Fax to: Subject: RE: AS400 user password >nice guys< You hope. How many security breaches have occurred over the past 12 years that nobody knows about? How many "crackers" broke in using the HR director's user ID and password and changed his own salary? How would anybody ever known that it wasn't the HR director (_if_ they found out at all), assuming he kept his password an absolute secret? Way back in the S/36 days, we had a programmer who claimed he could figure out what everybody in the company was being paid. Didn't matter that he had no access to the files, programs, menus, whatever. Turned out he used the CATALOG to determine where the payroll file was on the DASD and dumped the data. Fortunately, he was ethical enough to inform the boss. Payroll was outsourced not long after that. How many unethical programmers knew the same thing? Sorry for being so cynical, but I think many managers forget that it's not the 99.9% of their programming staff they *don't* need to worry about, but the 0.1% that they do. And which one is that? - Dan Bale > -----Original Message----- > From: booth@martinvt.com [SMTP:booth@martinvt.com] > Sent: Tuesday, June 13, 2000 11:14 PM > To: MIDRANGE-L@midrange.com > Subject: Re: AS400 user password > > Lets rejoice in the 4 days and suggest the 12 years is just the result of > all us AS/400 users being nice guys. > _______________________ > Booth Martin > Booth@MartinVT.com > http://www.MartinVT.com > _______________________ > > > "William Washington III" <w.washington@iols.net> > Sent by: owner-midrange-l@midrange.com > 06/13/2000 10:27 PM > Please respond to MIDRANGE-L > > > To: <MIDRANGE-L@midrange.com> > cc: > Subject: Re: AS400 user password > > I tend to agree that we shouldn't "broadcast" a vulnerability, but I also > strongly feel that if a vulnerability exists, responsible people should > know about it so thay can take precautions. > > This security lapse should never have made it to the AS/400... My take on > it is IBM wasn't quick on the response. The hardware has been out for 12 > years! Only when the breech was published did they take action. > > William > >snip< +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.