× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. November 2004

Re: test?

I prefer that the list remain, even with very low activity. There are elements that would be better discussed in a limited environment before spilling over into wider distribution. For general questions such as those often posted to Midrange-L, wide distribution is probably a good thing.

But various topics involve personal attitudes, can take on "religious" feelings -- e.g., "Use the cycle!" vs. "Modernize at all costs!" -- and shouldn't clutter other lists. (Yes, I know that example is mostly irrelevant to this list; it was just an illustration to avoid actually mentioning relevant topics and kick-starting old debates.)

Another topic that _might_ have been more appropriate here first was raised on Midrange-L a couple months back. I thought it would have been better to cover it in depth here and later post a reference in Midrange-L pointing back to the thread here; the Security archive then would have it instead of Midrange-L. The topic was telnet exit programs and the proper handling of bypass-signon and password verification.

A year or two ago, I saw that the source for a fairly popular shareware/sample telnet exit program did not include complete handling for those attributes. I contacted the author and had a discussion about updating the source to include complete handling because, as distributed, that telnet exit program could be exploited to allow anyone total access to the AS/400. I also asked the author _not_ to comment publically about it until he could feel more comfortable that corrected versions had been made available and distributed as far as reasonable. A more public discussion could have compromised numerous systems immediately.

Now, a discussion about that scenario already gets into the "Full disclosure!" vs. "Keep it secret!" debate. As such, I'd say it belongs here, not Midrange-L. When anyone is interested, the archives can be checked without bothering those who couldn't care less.

In short, I'd vote to keep the list even with minimal traffic. The _potential_ seems worthwhile.

Tom Liotta

Mike Wills <koldark> wrote:

I think many times the questions just get asked on MIDRANGE-L.

Do we really need this list if it isn't being used? 


--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788 x313
Fax    253-872-7904
http://www.powertech.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.