Al, I think it's a given that people are gonna be the weakest link here. That's a bug that's never gonna be fixed... What I'm looking for is this: if a company (or individual) keeps proper PHYSICAL security of the system, can it then be protected. This would allow companies with some ISO 9xxxx certification of their physical security, to become trusted. Pairs of these trusted companies can then do business "relatively" securely, IMV... jt | -----Original Message----- | From: email@example.com | [mailto:firstname.lastname@example.org]On Behalf Of MacWheel99@aol.com | Sent: Monday, December 17, 2001 12:51 AM | To: email@example.com | Subject: Re: Where are all of the /400's going. (was RE: QUSER on ODBC | requests) | | | > ==> But here's the thing: (I'm NOT contradicting you, but just | asking the | > question.) Has it ever been done AND/OR IS it theoretically possible: | > COULD a 400 machine serial number be hacked...?!? I guess I'm | asking if | > there's ANY WAY CONCEIVABLE? I think this is a key question. | | If a 400 is not secure, anything can be hacked. | | If a device, that is connected to a secure 400, is itself not secure, then | that is another possibility. Does corporate culture permit users to have | their passwords "programmed" into their PC hardware so that they | do some PLAY | KEY combination & it gets them where they need to go a lot? Are | those same | PCs accessible via PC Anywhere or equivalent system (there's a bunch of | competitors) & can those same PLAY KEY deals be done remotely? Do those | users have relatively high levels of security, so they can get into stuff | like WRKSYSVAL? | | Remember when Microsoft got hacked & someone downloaded a lot of | source code | that they had considered confidential? An employee with home PC | was trusted | to access Microsoft corporate network. The employee home PC did | not have the | latest firewall software protections. Hacker broke into employee | home PC & | from there got into Microsoft network. 400 site can be equally | vulnerable | to this sort of thing depending on corporate culture. | | The kind of thing that worries me is trusted partners. For reasons of | software licensing, we have given out our hardware serial number | to several | vendors, some of which are authorized to dial into our system to provide | various kinds of tech support ... now suppose one of them is | hacked ... now | all their customers are exposed. | | People who can get into SST and have enough authority to do so, can change | executable objects like IBM's to do things other than what they | setup to do, | so that you can have virus-like activity on a 400. I am not | going to say any | more on this. | | You know that my basic position is that I would rather be thought | full of BS | than give out info that a hacker might use, but I willing to spill my guts | any time to duly authorized law enforcement or relevant vendor | representative, in suitable confidential setting. | | MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac) | _______________________________________________ | This is the Midrange Systems Technical Discussion (MIDRANGE-L) | mailing list | To post a message email: MIDRANGE-L@midrange.com | To subscribe, unsubscribe, or change list options, | visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l | or email: MIDRANGE-Lfirstname.lastname@example.org | Before posting, please take a moment to review the archives | at http://archive.midrange.com/midrange-l. |
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.