× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: RE: S/36 payroll - was AS400 user password
  • From: Rob Berendt <rob@xxxxxxxxx>
  • Date: Wed, 14 Jun 2000 12:21:13 -0500

I knew of a company that when they ran their payroll on the S/36, for managers:
All comm outside of the computer room was cut.
The payroll data was restored.
Process ran
Payroll saved.
Payroll deleted with ERASE option to write binary zeros over all data.





DBale@lear.com on 06/14/2000 11:46:51 AM
Please respond to MIDRANGE-L@midrange.com@Internet
To:     MIDRANGE-L@midrange.com@Internet
cc:      
Fax to: 
Subject:        RE: AS400 user password

>nice guys<
You hope.  How many security breaches have occurred over the past 12 years
that nobody knows about?  How many "crackers" broke in using the HR
director's user ID and password and changed his own salary?  How would
anybody ever known that it wasn't the HR director (_if_ they found out at
all), assuming he kept his password an absolute secret?

Way back in the S/36 days, we had a programmer who claimed he could figure
out what everybody in the company was being paid.  Didn't matter that he had
no access to the files, programs, menus, whatever.  Turned out he used the
CATALOG to determine where the payroll file was on the DASD and dumped the
data.  Fortunately, he was ethical enough to inform the boss.  Payroll was
outsourced not long after that.

How many unethical programmers knew the same thing?

Sorry for being so cynical, but I think many managers forget that it's not
the 99.9% of their programming staff they *don't* need to worry about, but
the 0.1% that they do.  And which one is that?

- Dan Bale

> -----Original Message-----
> From: booth@martinvt.com [SMTP:booth@martinvt.com]
> Sent: Tuesday, June 13, 2000 11:14 PM
> To:   MIDRANGE-L@midrange.com
> Subject:      Re: AS400 user password
> 
> Lets rejoice in the 4 days and suggest the 12 years is just the result of 
> all us AS/400 users being nice guys.
> _______________________
> Booth Martin
> Booth@MartinVT.com
> http://www.MartinVT.com
> _______________________
> 
> 
> "William Washington III" <w.washington@iols.net>
> Sent by: owner-midrange-l@midrange.com
> 06/13/2000 10:27 PM
> Please respond to MIDRANGE-L
> 
>  
>         To:     <MIDRANGE-L@midrange.com>
>         cc: 
>         Subject:        Re: AS400 user password
> 
> I tend to agree that we shouldn't "broadcast" a vulnerability, but I also
> strongly feel that if a vulnerability exists, responsible people should 
> know about it so thay can take precautions.
> 
> This security lapse should never have made it to the AS/400... My take on 
> it is IBM wasn't quick on the response.  The hardware has been out for 12
> years!  Only when the breech was published did they take action.
> 
> William
> 
        >snip<
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.