RE: Why NOT the web?

Joe, 
He's not talking about the actual PTF, he's talking about circumventing the
"Interactive Tax." 
He appears to be a .8% reply (2 out of 250). But, if you read carefully,
those PTF's include fixes specifically designed to thwart "Leif Svalgaard"
and FAST400.  

I'd say that's a security risk. I must first "Knowingly" purchase and
"Knowingly" install something I WANT to use to "SPECIFICALLY" circumvent the
interactive tax built into the operating system. That's a security flaw,
right?

Of course, the software my company has designed and developed allows a user
FROM an iSeries system to take control of a Windblows machine running MSSQL
server. I guess I write viruses for a living. Gosh, I can even reboot a
Windblows machine FROM an iSeries command line. I don't even have to install
anything on the remote machine. Pretty tricky, but it works.

I think I'm going to take Rob and Walden's approach and just give up on the
iSeries. I think I'll just move all my critical applications to MS Windblows
and MS IIS (Internet Secure Server). They are so much easier to use and I
can spend my time chasing viruses, security flaws, aware, spy bots and
General Protection Faults. 

At least they mostly did away with the BSOD (Blue Screen of Death) in
Windows 2000 and XP. Now, the system just hangs. I do have a fix somewhere
around here for that. It doesn't change the fact that you GET the BSOD, it
just allows you to pick a different color.

John Brandt 
iStudio400.com 
(903) 523-0708 
Home of iS/ODBC - MSSQL access from iSeries and RPG. 




-----Original Message-----
From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx]
Sent: Thursday, December 30, 2004 5:14 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Why NOT the web?


> From: rob@xxxxxxxxx
> 
> http://www-
>
912.ibm.com/a_dir/as4ptf.nsf/a18db68aae4a7d81862566ba005d145c/6f5f6a97c1
26
> 608e86256e21004d0e9a?OpenDocument

Absolutely NOTHING in this document even hints of a security breach.  As
far as I can tell, it's a machine lockup due to an LPAR problem,
possibly due to a lost DASD event.  Hardly earth-shattering.  I suspect
we'll see some of these until the LPAR technology is fully mature.

> http://www-
>
912.ibm.com/a_dir/as4ptf.nsf/a18db68aae4a7d81862566ba005d145c/afe8220b54
a9
> 933d86256f7800735e4e?OpenDocument

Whereas as near as I can tell this is a security problem in a logging
API.  What does it do?  Does it allow you to log to a file you don't
have access to?  Could be a problem, but once again, hardly
earth-shattering.


As far as I've seen here, there's nothing in either of these bugs that
has the slightest ability to affect the security of an iSeries.  And
yet, you would compare this to the many security breaches (the image
processor overflow being the latest) that allow you to simply take over
a Windows machine.


Joe

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.6 - Release Date: 12/28/04
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.6 - Release Date: 12/28/04