This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--
[ Picked text/plain from multipart/alternative ]
Dan,

> To most IBM midrangers, this would be considered status
> quo.  Maybe I just find it strange that this is news.

It's not 'news' the BugTraq posting is very lame, and if that's the best
they can post for OS/400, then thank IBM that that's the case.

> After all, doesn't every AS/400 have a QSECOFR (and
> other IBM-supplied) profiles?

Yes, just like Unix has root - but often you don't want to use QSECOFR (or
can't if sign-on is limited to specific devices) to maintain a low profile.

> In consideration of the userID=password scenario, the
> vulnerability is the
> person(s) managing the system, IMO.

Yes, but 20-20 hindsight won't fix what damage has been done by Mr. Hacker
using that iser profile & password ;-)

--phil


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.