It's amazing to me that on this list people don't understand exactly how
powerful our operating system is, and how (and why) it is essentially
invulnerable to an entire class of intrusions that plague all PC-type
operating systems.

Oh, I get it. Pat & others get it too. Sweeping sound bites like "no virus" or "never hacked" are great for sales, but when the system or data is compromised they are little comfort.
Joe - start with the reality that many hacks (statistical fact available in many journals) originate from within the network.
Heck, I've caught users on the system "hacking" the payroll. And you would say we should have used the tools of i5/OS to secure the data ---- and that is all Pat & John & others have said - use the tools (many of which are not "on" by default).
Hacking & cracking is so much more than getting thru the front door & past the sign on screen - that's an older concept than the AS400 itself.
Jim Franz

----- Original Message -----
From: "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Sent: Wednesday, October 24, 2007 10:13 PM
Subject: RE: DB2UDB hack


From: Jim Franz

So what (from IBM & other major software vendors)
requires PASE?
WebSphere server?

WebSphere does not require PASE. Java does not require PASE. In fact, most
i5/OS software does not require PASE.


The other major piece of software not mentioned much but is an adapted
bit of non-IBM software - Apache webserver... and it is mentioned often in
the CERT Advisories over the years.

The pbA (powered by Apache) HTTP server is indeed based on the Apache code
base. However, again because of the architecture of i5/OS, it is not
subject to buffer overrun exploits. In fact, I'd be amazed if a single CERT
advisory on Apache actually applied to IBM's HTTP server.


Perhaps some of you are too young to remember the earlier DNS (not sure if
this is the same as Pat mentioned) that had IBM calling customers to load the
critical fix...
or the Common security group and their "demonstrations"...

Again, I'm not saying that i5/OS is perfectly secure. I've been pretty
specific about a class of exploits which are simply not applicable to native
i5/OS. This is probably the largest class of exploits, and they just can't
be executed on native i5/OS, primarily because of the strict separation of
program and data space.

It's amazing to me that on this list people don't understand exactly how
powerful our operating system is, and how (and why) it is essentially
invulnerable to an entire class of intrusions that plague all PC-type
operating systems.

Joe

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list





This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.