Re: Hope Conference Article

[daparnin@xxxxxxxxxxxxxxxxxx]

I would imagine that since most people at that AS/400 talk might not have
access to a system to experiment on (ie Unix/Linux) so the bulk of the
hacking may be limited to either an unguarded terminal or POS device in a
retail store with a command line where they might try a command or two,
press F1 for help to learn new commands, etc.  I would guess that the
person in said scenario wouldn't be a patron so much but rather a clever
and curious employee with time to kill.  The same could be true for factory
workers who get to a command line via a WRKSPLF option.

Granted, you can't count on anything so you have to try to plan for
everything...




                                                                                
                              
                      rick.baird@steakn                                         
                              
                      shake.com                To:       Midrange Systems 
Technical Discussion                
                                                
<midrange-l@xxxxxxxxxxxx>@SMTP@CTB                            
                      07/13/2004 03:04         cc:       (bcc: David A 
Parnin/Topeka/NISCO/SPCO)              
                      PM                       Subject:  Re: Hope Conference 
Article                          
                      Please respond to                                         
                              
                      Midrange Systems                                          
                              
                      Technical                                                 
                              
                      Discussion                                                
                              
                      <midrange-l@midra                                         
                              
                      nge.com>                                                  
                              
                                                                                
                              
                                                                                
                              




based on the article, and 'stankdawg' descriptions, he seemed reasonably
well versed in os/400 basics, but not much else.   my guess is that will
change next time they get together to talk about our baby.

poorly configured and/or protected http and ftp servers and other tcp
stacks could be far more harmful than getting a valid but limited user
profile/password combo.

jmho

Rick


----original message-----
>  Hey,  for anyone who is interested Timothy Pricket Morgan just published
a
> short article about this past weekend's HOPE conference's session on
hacking
> AS/400.  Apparently nothing earth-shaking was mentioned at the conference
> about hacking the '400, but information was passed on that you might wish
> hadn't been.  Nothing that no one on this list doesn't already know, but
> perhaps people who'd never thought about hacking our systems will now
have a
> basis to start from.
>
> You can read the article here:
> http://www.midrangeserver.com/breaking/bn071204-story01.html
>


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.