• Subject: Re: AS400 user password
  • From: "Mike Shaw" <mshaw@xxxxxxxxxxxxxx>
  • Date: Fri, 9 Jun 2000 11:20:12 -0700

Don,

Agreed!  It is not that big of a fix and can be back leveled fairly easily
based on the MI posting I have seen.  I think there are a lot more important
issues facing us all.  So IBM, *please* fix this openly and quickly and lets
*all* move on to bigger and better things!

Regards,

Mike Shaw
Senior AS/400 Technical Support
North American Mortgage
Santa Rosa, CA



----- Original Message -----
Subject: Re: AS400 user password


>
>
> Dan,
>
> I'm glad you took that point of reason.  I know that there are IBM'ers on
> the MI400 list and I'm frankly not going to commit them to comment.  I
> would not like to see that source code posted here to God and the world.
> I think and HOPE (tellme I'm not ignoring history:) that the proper cages
> are being shaken with sufficient vigor to let the proper folks realize
> that the knowledgeable end user has enough concern for his/her system and
> enough warrant to express concern to a recalcitrant IBM and now has the
> big enough stick to make them sit up and take notice.
>
> I've had alot of off list discourse and several phone calls with some of
> the priciples bringing up these points.  And before we open the world to
> another and bigger problem than we had back in CPF 7/7.1 days, I think
> that IBM needs to reply openly and quickly.  Frankly, I'ld be very happy
> to see the problems fixed and for both sides to keep the rest of their
> armaments in storeage vs. the front line.
>
> If we learned anything from the cold war it was that mutually assured
> distruction is not a winning tactic...but then, neither is recalcitrance.
>
> We've seen the head of BOTH monsters.  Frankly, I'm not sure I want to
> have the world seeing the rest of them.
>
> Don in DC
>
>
> On 9 Jun 2000, Dan wrote:
>
> > Just a few days ago, a 17-line RPG-IV program was posted to MI400-L that
> > sniffs user IDs and passwords as they sign on to the system.  I tried
it, it
> > works.
>
> > Even though the code was published on MI-400, I will leave it to the
original
> > author to republish it here.  I agree that security-by-obscurity is not
> > security at all, but don't feel it is my place to throw this hot potato
any
> > further.
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
david@midrange.com
> +---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.