

  • Subject: Re: INCREDIBLE - what am I missing here... ??? !!!
  • From: Steve <steve@xxxxxxxxxx>
  • Date: Thu, 28 Sep 2000 22:47:30 +0100

In article <002701c0296e$aa8ecac0$6508a8c0@chi.ssax.com>, Phil Hall
<hallp@ssax.com> writes
>> Really that should not have been posted!  Come on, let's not give away all our
>> secrets.  Let's not make it any easier for hackers to learn how to break into
>> the AS400.  I know it is not easy, but how many people really knew where to
>> look for passwords?
>
>Knowing **where** they reside is probably 5% of the problem of actually
>getting passwords back into clear text. 

But the password file is not the biggest worry. Let's face it, 
how many of your users had even heard of FTP five years ago? And now?
And if they say 'ftp youras400', just to see what happens? It
will give them a signon prompt. And they have a legitimate signon -
except now they are not 'locked in' by menus, or library lists...

It's the legit users you need to worry about, not some vaguely perceived
hacker outside your firewall... Have you removed *PUBLIC from
everything? Locked it all down with group profiles? Hidden the IFS?
Put in change control to make sure it doesn't get undone?

Business partners broke the AS/400 wide open with menu-level security, 
and IBM handed the keys to the box over with Ops Navigator and TCP/IP.

95% of computer fraud is an inside job.

Don't get me wrong - the AS/400 is God's Own Machine, as far as I'm 
concerned. But if we keep on parroting the myth of its security
we will be riding for a fall. It is as vulnerable to DoS attacks as any
other machine, for instance - and my board wouldn't wait for me to
explain how the 'secure' AS/400 had been made unavailable by a hacking
attack like DoS if I had told them it was hacker proof...

Security by obscurity is no security.
-- 
Steve


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
