RE: Recent bugtraq postings -- MIDRANGE-L

Shalom's posts are always completely blank.  Is this happening to anyone
else?

His post _does_ appear, quoted, in Mike's reply as you can seel below.  But
his original post was indeed blank.

-- 
Jeff Crosby
Dilgard Frozen Foods, Inc.
P.O. Box 13369
Ft. Wayne, IN 46868-3369
260-422-7531

The opinions expressed are my own and not necessarily the opinion of my
company.  Unless I say so.
 

> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx 
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of 
> Mike.Crump@xxxxxxxxxxxxxxxx
> Sent: Monday, April 25, 2005 10:38 AM
> To: Midrange Systems Technical Discussion
> Subject: Re: Recent bugtraq postings 
> 
> 
> You know, I'm not even sure if I have the time to respond 
> completely to this and the listings.  Suffice to say, not 
> sure if I would call them lies but there are assumptions and 
> inaccuracies.
> 
> 
> Michael Crump
> Manager, Computing Services
> Saint-Gobain Containers
> 1509 S. Macedonia Ave.
> Muncie, IN  47302
> (765)741-7696
> (765)741-7012 f
> (800)428-8642
> 
> "The probability that we may fail in the struggle ought not 
> to deter us from the support of a cause we believe to be 
> just"  Abraham Lincoln
> 
> 
> 
> 
> 
> 
>                                                               
>              
>              shalom@xxxxxxxxxx                                
>              
>                                                               
>              
>              04/25/2005 10:20                                 
>           To 
>              AM                        
> midrange-l@xxxxxxxxxxxx             
>                                                               
>           cc 
>                                                               
>              
>              Please respond to                                
>      Subject 
>              Midrange Systems          Re: Recent bugtraq 
> postings         
>                  Technical                                    
>              
>                 Discussion                                    
>              
>              <midrange-l@midra                                
>              
>                  nge.com>                                     
>              
>                                                               
>              
>                                                               
>              
> 
> 
> 
> Hey,
> 
> Contrary to what was mentioned on this forum, the postings on 
> bugtraq do not contain any lies and do not contain any 
> technical inaccuracies.
> If you do find any inaccurate statement, I would like to know 
> about it as soon as possible.
> 
> Please, read the postings yourselves and do not rely on 
> second hand opinion.
> 
> Enumerating users via LDAP:   
> http://www.securityfocus.com/archive/1/394308
> Enumerating users via FTP:    
> http://www.securityfocus.com/archive/1/394879
> Enumerating users via POP3:   
> http://www.securityfocus.com/archive/1/395969
> 5250 emulation back-door:     
> http://www.securityfocus.com/archive/1/394058
> Netcat reverse shell:         
> http://www.securityfocus.com/archive/1/394753
> FTP canonicalization problem: 
> http://www.securityfocus.com/archive/1/396628
> 
> 
> The FTP canonicalization based directory traversal is not 
> IBM's problem, it is a problem of the 3rd party security products.
> Some of them were notified prior to publishing, and I waited 
> for a reasonable time before posting on bugtraq.
> 
> The user enumeration techniques are low severity problems, 
> but problems they are, whether by design or by omission.
> 
> (I really do not understand why LDAP and POP3 must be turned 
> on by default, but hey, who am I to tell IBM how to package 
> their products?)
> 
> On the other hand, the 5250 back-door and the reverse shell 
> are potentially dangerous to the corporate environment.
> 
> I do not sell solutions - there are enough iSeries solution makers.
> I provide information about problems that sometimes exist in 
> unforeseen places.
> 
> BTW, IBM refused several times to answer my queries about 
> some of the issues. I was asked to supply a valid service 
> agreement before anyone would talk to me.
> 
> Well, I do not even have an iSeries server, so this obviously 
> was out of the question..
> 
> 
> Shalom Carmel
> -------------
> www.venera.com - Exposing iSeries insecurity
> 
> --
> This is the Midrange Systems Technical Discussion 
> (MIDRANGE-L) mailing list To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change 
> list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, 
> please take a moment to review the archives at 
> http://archive.midrange.com/midrange-l.
> 
> --
> This is the Midrange Systems Technical Discussion 
> (MIDRANGE-L) mailing list To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change 
> list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, 
> please take a moment to review the archives at 
> http://archive.midrange.com/midrange-l.
> 
> 
>