×

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.



  1.  Home
  2. MIDRANGE-L
  3. April 2005

RE: Green-screen versus browser

On Tue, 2005-04-26 at 13:23 -0600, James Rich wrote:
> On Tue, 26 Apr 2005, Rich Duzenbury wrote:
> 
> > Hypothetically, I know of a menu application that allows only authorized
> > users to update menu items.  That is to say, the F8 key will allow a
> > menu update, but F8 is not activated in the display file for
> > unauthorized users.
> >
> > The program code probably goes something like:
> >
> >    // If the user is allowed to change the menu, activate the F8 key
> >    if authorized_to_update;
> >        *in28 = '1';   // activate the f8 key
> >    endif;
> >
> >    exfmt the_menu;
> >
> >    select;
> >        *in08 wheneq '1';
> >             // process menu update
> >
> > Notice, the programmer of the menu app assumes that only an authorized
> > user can press F8, and never considered that a hacked 5250 client can
> > probably set on the F8 key at will.
> 
> It is true that a 5250 client could be modified to send back any key at 
> all.  It turns out to be quite simple.  The hard part is knowing that such 
> a key actually does something.
- Product documentation
- Seeing another user with the capability
- Read the screen "F8=Update"
- Source Code


>   Unless I'm misreading the 5250 spec, the 
> iSeries never sends the hidden fields to the screen in the first place. 
> So you wouldn't know that the possibility exists.
That's excellent news.  One less avenue for attack.
  

> 
> However, a network sniffer would allow you to know what the authorized 
> people see and do, provided a hub is used and not a switch.  Even if a 
> switch is used, it is trivial to run a sniffer on your own box and then 
> ask the admin to come over and run the program from your machine.  Of 
> course, if you can sniff you can do a lot more than just use it to hack a 
> 5250 client.
Of course, you can get someone else's password, and simply use it for
your misdeeds.


--
Regards,
Rich

Current Conditions in Des Moines, IA
Overcast
Temp 50F
Winds out of the North at 21, gusting to 29mph

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.