|
On Mon, 4 Mar 2002, Vernon Hamberg wrote: > > Properly administered, it would be extremely difficult to > hack it. It's almost impossible to put a worm or virus or similar item on it. > I'm sorry, but this statement is simply wrong. Writing a worm that runs on OS/400 is VERY easy. All you have to do is scan for *CMD objects that you have authority to change, and insert yourself as the CPP for those commands. Then, once your code has been executed, simply call the original CPP, and nobody ever knows. Granted, the security on the system could be set up to prevent this. But it could be on a Unix-based system as well. I guess if you're comparing it to Windows, OS/400 is more secure -- but that's REALLY not saying much. ANYTHING is more secure than Windows. And you really can't compare a single-user OS to a multiple user OS. Therefore, my comparisons here are all OS/400 to Unix. You could also use things like validity checking programs, message handling programs, etc to write a really powerful (but simple) worm. The popular "buffer overflow" method of hacking into a system would not work on an OS/400 system, thanks to the MUCH different way that pointers work -- however, other methods of hacking would work quite nicely. I hesitate to list actual methods of hacking an iSeries machine because of the potential damage that this could do. The OS/400 community has always believed in "security by ignorance" -- and I don't agree with that line of thinking -- but I'm not about to make myself the target of a lynch mob :)
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
