|
At 11:13 AM 3/5/02 -0600, you wrote: >On Mon, 4 Mar 2002, Vernon Hamberg wrote: > > > > Properly administered, it would be extremely difficult to > > hack it. It's almost impossible to put a worm or virus or similar item > on it. > > > >I'm sorry, but this statement is simply wrong. Writing a worm that runs >on OS/400 is VERY easy. All you have to do is scan for *CMD objects >that you have authority to change, and insert yourself as the CPP for >those commands. Then, once your code has been executed, simply call >the original CPP, and nobody ever knows. Yeah, that's right. And those methods have been known and documented in places like the Tips and Tools book for years. I guess my point has to do with external attacks. An ostrich attitude is definitely not the way to go. But the vulnerability that started all this good discussion is, IMO, almost a non-issue. The person who wanted to do damage this way is already far into unauthorized territory when they've got on the machine in the first place. Is the benefit of shutting this down worth the cost? Is it worth the limitations on valid use, as well as human effort? Maybe so. You makes your own call here. :-)
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
