× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2005

RE: Recent bugtraq postings

Simon's point is to be well-taken in this discussion, IMO. The greatest security vulnerability is those who already have access to a machine. Folks who can't get access to a box can't do any of this stuff. I agree that this so-called vulnerability - to be able to do something malicious through CA - is not about a security flaw, it's about configuration. Not much point shutting the barn door behind the horse in order to keep it out. So hire people you can trust, then audit them anyway.

At 07:10 PM 4/22/2005, you wrote: 
On Fri, 22 Apr 2005, Joe Pluta wrote:

But my favorite is the one that warns that if you install Client Access,
"malicious AS/400 applications can run programs on your PC."  Uh huh.
Malicious AS/400 programs.  Sorry, but iSeries programmers actually work
for a living.  We're unlikely to want to write applications that wipe
out the workstations of our end users.

That's right. All iSeries programmers are angels. Since we actually work for a living we would never do such a thing. Every programmer who knows RPG is by definition a saint.

Could a malicious program be written? Certainly. Could such a program cause harm? That is the point under investigation. If so, then there is a security flaw. But to say that the iSeries is secure because iSeries programmers are such good people that a malicious program would never be written is ridiculous.

btw - all the iSeries programmers I know *are* angels.

James Rich

It's not the software that's free; it's you.
        - billyskank on Groklaw
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.