Sounds like a security problem...now if we could get a book written about it...

> -------- Original Message --------
> Subject: RE: Recent bugtraq postings
> From: "Jeff Crosby" <jlcrosby@xxxxxxxxxxxxxxxx>
> Date: Mon, April 25, 2005 2:49 pm
> To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
>
> Shalom's posts are always completely blank. Is this happening to anyone
> else?
>
> His post _does_ appear, quoted, in Mike's reply as you can see below. But
> his original post was indeed blank.
>
> --
> Jeff Crosby
> Dilgard Frozen Foods, Inc.
> P.O. Box 13369
> Ft. Wayne, IN 46868-3369
> 260-422-7531
>
> The opinions expressed are my own and not necessarily the opinion of my
> company. Unless I say so.
>
> > -----Original Message-----
> > From: midrange-l-bounces@xxxxxxxxxxxx
> > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
> > Mike.Crump@xxxxxxxxxxxxxxxx
> > Sent: Monday, April 25, 2005 10:38 AM
> > To: Midrange Systems Technical Discussion
> > Subject: Re: Recent bugtraq postings
> >
> > You know, I'm not even sure if I have the time to respond
> > completely to this and the listings. Suffice to say, not
> > sure if I would call them lies but there are assumptions and
> > inaccuracies.
> >
> > Michael Crump
> > Manager, Computing Services
> > Saint-Gobain Containers
> > 1509 S. Macedonia Ave.
> > Muncie, IN 47302
> > (765)741-7696
> > (765)741-7012 f
> > (800)428-8642
> >
> > "The probability that we may fail in the struggle ought not
> > to deter us from the support of a cause we believe to be
> > just" Abraham Lincoln
> >
> > shalom@xxxxxxxxxx
> > 04/25/2005 10:20 AM
> > To: midrange-l@xxxxxxxxxxxx
> > cc:
> > Subject: Re: Recent bugtraq postings
> > Please respond to: Midrange Systems Technical Discussion
> > <midrange-l@midrange.com>
> >
> > Hey,
> >
> > Contrary to what was mentioned on this forum, the postings on
> > bugtraq do not contain any lies and do not contain any
> > technical inaccuracies.
> > If you do find any inaccurate statement, I would like to know
> > about it as soon as possible.
> >
> > Please, read the postings yourselves and do not rely on
> > second hand opinion.
> >
> > Enumerating users via LDAP:
> > http://www.securityfocus.com/archive/1/394308
> > Enumerating users via FTP:
> > http://www.securityfocus.com/archive/1/394879
> > Enumerating users via POP3:
> > http://www.securityfocus.com/archive/1/395969
> > 5250 emulation back-door:
> > http://www.securityfocus.com/archive/1/394058
> > Netcat reverse shell:
> > http://www.securityfocus.com/archive/1/394753
> > FTP canonicalization problem:
> > http://www.securityfocus.com/archive/1/396628
> >
> > The FTP canonicalization based directory traversal is not
> > IBM's problem, it is a problem of the 3rd party security products.
> > Some of them were notified prior to publishing, and I waited
> > for a reasonable time before posting on bugtraq.
> >
> > The user enumeration techniques are low severity problems,
> > but problems they are, whether by design or by omission.
> >
> > (I really do not understand why LDAP and POP3 must be turned
> > on by default, but hey, who am I to tell IBM how to package
> > their products?)
> >
> > On the other hand, the 5250 back-door and the reverse shell
> > are potentially dangerous to the corporate environment.
> >
> > I do not sell solutions - there are enough iSeries solution makers.
> > I provide information about problems that sometimes exist in
> > unforeseen places.
> >
> > BTW, IBM refused several times to answer my queries about
> > some of the issues. I was asked to supply a valid service
> > agreement before anyone would talk to me.
> >
> > Well, I do not even have an iSeries server, so this obviously
> > was out of the question..
> >
> > Shalom Carmel
> > -------------
> > www.venera.com - Exposing iSeries insecurity
> >
> > --
> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> > To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> > or email: MIDRANGE-L-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/midrange-l.