• Subject: Re: Rewarding Challenge AS/400
  • From: Rob Berendt <rob@xxxxxxxxx>
  • Date: Wed, 29 Sep 1999 8:01:32 -0500

Trust me.  This can happen.  I've borne the brunt of one such phone call, 
(after the fact), although it was done more politely.  Even though I did 
wait until an APAR declared the situation a 'Permanent Restriction', which 
my squawking got lifted.






leif@ibm.net on 09/28/99 07:18:04 PM
Please respond to MIDRANGE-L@midrange.com@Internet
To:     MIDRANGE-L@midrange.com@Internet
cc:      
Fax to: 
Subject:        Re: Rewarding Challenge AS/400

see below.
    Someone has raised the point about the publication & response by IBM to 
security exposures. I have often wondered why the notification services like 
CERT, never report AS/400 problems. They certainly do report http, java, 
WebSphere , SQL and other problems, all of which OS/400 works with. But the 
reports are always about WinXX, Linux, Unix, NT, Sun, and a few others. 
(Actually I do know why - most of the universe doesn't know or understand what 
an AS/400 is). BTW, CERT is a good place to get free info on security 
exposures, and a free e-mail alert service. Our government at work. CERTŠ 
Coordination Center 

  ----------------------------------

  When we first told IBM about our findings, there response was some like
  this (I can't remember the exact words - because it was always verbal):

  If you go public with this we will cut you off (we are a business partner of 
IBM).
  We will bury you. We will make sure you go out of business. Don't rock
  the boat.

  ----------------------------------------

  how is that for irresponsibility ???



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2014.210" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>see below.</FONT></DIV>
<BLOCKQUOTE 
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; 
PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
  <DIV>&nbsp; Someone has raised the point about the publication &amp; response 
  by IBM to security exposures. I have often wondered why the notification 
  services like CERT, never report AS/400 problems. They certainly do report 
  http, java, WebSphere , SQL and other problems, all of which OS/400 works 
  with. But the reports are always about WinXX, Linux, Unix, NT, Sun, and a few 
  others. (Actually I do know why - most of the universe doesn't know or 
  understand what an AS/400 is). BTW, CERT is a good place to get free info on 
  security exposures, and a free e-mail alert service. Our government at work. 
  <A href="http://www.cert.org">CERT Coordination Center</A> <BR></DIV>
  <DIV><FONT size=2>----------------------------------</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT size=2>When we first told IBM about our findings, there response 
  was some like</FONT></DIV>
  <DIV><FONT size=2>this (I can't remember the exact words - because it was 
  always verbal):</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT size=2>If you go public with this we will cut you off (we are a 
  business partner of IBM).</FONT></DIV>
  <DIV><FONT size=2>We will bury you. We will make sure you go out of business. 
  Don't rock</FONT></DIV>
  <DIV><FONT size=2>the boat.</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT size=2>----------------------------------------</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <DIV><FONT size=2>how is that for irresponsibility ???</FONT></DIV>
  <DIV>&nbsp;</DIV></BLOCKQUOTE></BODY></HTML>

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.