|
From: Walden H. Leverich Um.... So do all the Windows attacks.... Remove my access to the box and I can't attack it. I'm on a windows box right now, go ahead, attack it... You can't. _ALL_ windows exploits require access to the box to work too.
Yeah, but there are two real big differences. First, it's very difficult for an iSeries user to elevate his or her privileges. On the other hand, there are many, many Windows attacks that allow a user to do just that. So unless you have no users at all on the server, it's not safe. Second, many Windows shops run IIS, which is an immediate vector for anonymous users to attack the system. IIS buffer overruns have been endemic in Windows and allow outside users to execute code that then runs in the security context of the IIS server. Granted they continue to lock these things down, but there really is no matching vector on the iSeries. You can't perform a buffer overrun and gain QSECOFR access. It just doesn't happen. Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
