• Subject: RE: AS400 user password
  • From: "Bale, Dan" <DBale@xxxxxxxx>
  • Date: Wed, 14 Jun 2000 11:53:05 -0400

>nice guys<
You hope.  How many security breaches have occurred over the past 12 years
that nobody knows about?  How many "crackers" broke in using the HR
director's user ID and password and changed his own salary?  How would
anybody ever known that it wasn't the HR director (_if_ they found out at
all), assuming he kept his password an absolute secret?

Way back in the S/36 days, we had a programmer who claimed he could figure
out what everybody in the company was being paid.  Didn't matter that he had
no access to the files, programs, menus, whatever.  Turned out he used the
CATALOG to determine where the payroll file was on the DASD and dumped the
data.  Fortunately, he was ethical enough to inform the boss.  Payroll was
outsourced not long after that.

How many unethical programmers knew the same thing?

Sorry for being so cynical, but I think many managers forget that it's not
the 99.9% of their programming staff they *don't* need to worry about, but
the 0.1% that they do.  And which one is that?

- Dan Bale

> -----Original Message-----
> From: booth@martinvt.com [SMTP:booth@martinvt.com]
> Sent: Tuesday, June 13, 2000 11:14 PM
> To:   MIDRANGE-L@midrange.com
> Subject:      Re: AS400 user password
> 
> Lets rejoice in the 4 days and suggest the 12 years is just the result of 
> all us AS/400 users being nice guys.
> _______________________
> Booth Martin
> Booth@MartinVT.com
> http://www.MartinVT.com
> _______________________
> 
> 
> "William Washington III" <w.washington@iols.net>
> Sent by: owner-midrange-l@midrange.com
> 06/13/2000 10:27 PM
> Please respond to MIDRANGE-L
> 
>  
>         To:     <MIDRANGE-L@midrange.com>
>         cc: 
>         Subject:        Re: AS400 user password
> 
> I tend to agree that we shouldn't "broadcast" a vulnerability, but I also
> strongly feel that if a vulnerability exists, responsible people should 
> know about it so thay can take precautions.
> 
> This security lapse should never have made it to the AS/400... My take on 
> it is IBM wasn't quick on the response.  The hardware has been out for 12
> years!  Only when the breech was published did they take action.
> 
> William
> 
        >snip<
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.