× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2005

RE: Why NOT the web?

I was NOT talking about the interactive tax.  That's just a standard on 
every PTF and I've gotten to the point of just ignoring that.

And I was not advocating moving from the iSeries to Windows.  I was just 
noting that saying that there are all these security leaks on Windows and 
none on iSeries is going to get you in trouble if the person you are 
saying it to can read.

I'd also like to know how Joe inferred it was a LPAR issue.  By the 
superceeded ptf's?  I searched for that apar and couldn't find that.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





"John Brandt Sr." <pgmr@xxxxxxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
12/30/2004 06:11 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
cc

Subject
RE: Why NOT the web?






Joe, 
He's not talking about the actual PTF, he's talking about circumventing 
the
"Interactive Tax." 
He appears to be a .8% reply (2 out of 250). But, if you read carefully,
those PTF's include fixes specifically designed to thwart "Leif Svalgaard"
and FAST400. 

I'd say that's a security risk. I must first "Knowingly" purchase and
"Knowingly" install something I WANT to use to "SPECIFICALLY" circumvent 
the
interactive tax built into the operating system. That's a security flaw,
right?

Of course, the software my company has designed and developed allows a 
user
FROM an iSeries system to take control of a Windblows machine running 
MSSQL
server. I guess I write viruses for a living. Gosh, I can even reboot a
Windblows machine FROM an iSeries command line. I don't even have to 
install
anything on the remote machine. Pretty tricky, but it works.

I think I'm going to take Rob and Walden's approach and just give up on 
the
iSeries. I think I'll just move all my critical applications to MS 
Windblows
and MS IIS (Internet Secure Server). They are so much easier to use and I
can spend my time chasing viruses, security flaws, aware, spy bots and
General Protection Faults. 

At least they mostly did away with the BSOD (Blue Screen of Death) in
Windows 2000 and XP. Now, the system just hangs. I do have a fix somewhere
around here for that. It doesn't change the fact that you GET the BSOD, it
just allows you to pick a different color.

John Brandt 
iStudio400.com 
(903) 523-0708 
Home of iS/ODBC - MSSQL access from iSeries and RPG. 




-----Original Message-----
From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx]
Sent: Thursday, December 30, 2004 5:14 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Why NOT the web?


> From: rob@xxxxxxxxx
> 
> http://www-
>
912.ibm.com/a_dir/as4ptf.nsf/a18db68aae4a7d81862566ba005d145c/6f5f6a97c1
26
> 608e86256e21004d0e9a?OpenDocument

Absolutely NOTHING in this document even hints of a security breach.  As
far as I can tell, it's a machine lockup due to an LPAR problem,
possibly due to a lost DASD event.  Hardly earth-shattering.  I suspect
we'll see some of these until the LPAR technology is fully mature.

> http://www-
>
912.ibm.com/a_dir/as4ptf.nsf/a18db68aae4a7d81862566ba005d145c/afe8220b54
a9
> 933d86256f7800735e4e?OpenDocument

Whereas as near as I can tell this is a security problem in a logging
API.  What does it do?  Does it allow you to log to a file you don't
have access to?  Could be a problem, but once again, hardly
earth-shattering.


As far as I've seen here, there's nothing in either of these bugs that
has the slightest ability to affect the security of an iSeries.  And
yet, you would compare this to the many security breaches (the image
processor overflow being the latest) that allow you to simply take over
a Windows machine.


Joe

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.6 - Release Date: 12/28/04
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.6 - Release Date: 12/28/04
 
-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.