1.  Home
  2. MIDRANGE-L
  3. February 2008

Re: Book on Hacking the iSeries

I believe the book contains good information; however, I think a much
better title would have been "Exploiting Common Mistakes Made by iSeries
Administrations". Hacking the iSeries implies exploiting vulnerabilities
in the system itself. I haven't read the whole book, but I did have to
spend time responding to several items in the book; none of them were
issues with the OS, but rather issues with the way customers -- indeed,
very many customers -- choose to manage (or rather, not manage) security
on their systems.

Patrick Botz
Vice President, Security Consulting
Group8 Security, Inc
Business : 1-775-852-8887
Home/Office: 1-507-285-9048
Mobile : 1-507-250-5644
http://www.group8security.com
mailto:Pat.Botz@xxxxxxxxxxxxxxxxxx

___________________________

CONFIDENTIALITY NOTICE: This email message and any attachment to this email message contain information that may be privileged and confidential. This email and any attachments are intended solely for the use of the individual or entity named above (the recipient) and may not be forwarded to or shared with any third party. If you are not the intended recipient and have received this email in error, please notify us by return e-mail or by telephone at 775-852-8887 and delete this message. This notice is automatically appended to each email message leaving Group8 Security, Inc. Thank You.

ALopez@xxxxxxxxxx wrote:

Has anyone read this book? Is it a worthwhile investment?


You can check out some of what he's written at www.venera.com.

I believe it is fair for me to say that most readers of this list believe
that he overstates, at best, the security exposures in certain areas. I
also believe that most of what he exposes would not be relevant at
locations that have actually looked at security using either the IBM
redbook, "Implementing AS/400 Security", or "Experts' Guide to OS/400 and
i5/OS Security". I know the only thing he's pointed out that we haven't
covered here where I work is the ability of an AS/400 programmer to use
Client Access's remote command feature from the iSeries back to the
PC--something we use in house for known purposes anyway.

My personal recommendation is to get the "Experts' Guide..." listed above
by Carol Woodbury and Patrick Botz. Only after you've processed that
should you consider Shalom's. Some on this list may take umbrage with me
for allowing any use of his research, but hey, I'm one of those guys who
Googles "iSeries+hacking" once a week, just to see if anything new is out
there....


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.