What I wonder is why IBM i didn't pass?
If it is simply because they were using the outdated ciphers then is the
OP sure that some of the other sites truly support these outdated ciphers?
If it is because they actually tested for that vulnerability then it
doesn't sound like IBM does have it patched.
Or does the scanning service check all ciphers or stop at some level?

Some security scans are pretty simplistic. For example, scans for DNS
bind. They simply check to see what bind level you report and whether or
not there are CVEs out there for that level of bind. Most other sites
upgrade their level of bind. IBM i does it differently: They patch the
old level of bind and post a site as to what CVEs have been patched on
what levels of bind by what PTFs. Upgrading to a new level of bind is
often restricted to an OS upgrade.
The scanning service could not care a whit about this site and had no
intention of checking it.
Apparently they also had little interest in testing whether the problem was
really still there. Once they saw that level of bind, that was where they
stopped.

And that was when we were using IBM scanning...


Rob Berendt
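
Added example, not part of the original post: a Python sketch of the banner-only check described above, followed by a reconciliation step against a vendor backport table and the PTFs actually installed. Every version, CVE id and PTF id is a constructed placeholder, and the table layout is an assumption, not IBM's published format.

```python
import re

# Constructed placeholder data: CVE id -> first upstream release with the fix.
UPSTREAM_ADVISORIES = {
    "CVE-XXXX-0001": "9.11.6",
    "CVE-XXXX-0002": "9.11.9",
    "CVE-XXXX-0003": "9.9.0",
    "CVE-XXXX-0004": "9.11.5",
}

# Constructed placeholder data: (CVE id, reported level) -> PTF that backports
# the fix onto that old level. Hypothetical layout for this example only.
VENDOR_BACKPORTS = {
    ("CVE-XXXX-0001", "9.11.4"): "PTF-AAAA001",
    ("CVE-XXXX-0002", "9.11.4"): "PTF-AAAA002",
}


def parse_version(banner):
    """'9.11.4-P2' -> (9, 11, 4); anything after the first '-' is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", banner.split("-")[0]))


def banner_scan(banner):
    """Banner-only scanner: flag every CVE fixed upstream after the reported level."""
    reported = parse_version(banner)
    return sorted(cve for cve, fixed in UPSTREAM_ADVISORIES.items()
                  if reported < parse_version(fixed))


def reconcile(banner, installed_ptfs):
    """Classify each banner finding using backport data and installed PTFs."""
    level = banner.split("-")[0]
    verdicts = {}
    for cve in banner_scan(banner):
        ptf = VENDOR_BACKPORTS.get((cve, level))
        if ptf is None:
            verdicts[cve] = "open: no vendor backport listed for this level"
        elif ptf in installed_ptfs:
            verdicts[cve] = f"false positive: fixed by {ptf}"
        else:
            verdicts[cve] = f"open: apply {ptf}"
    return verdicts


if __name__ == "__main__":
    for cve, verdict in reconcile("9.11.4", {"PTF-AAAA001"}).items():
        print(cve, "->", verdict)
```

The banner scan alone reports three findings for the sample level; only the reconciliation step separates the one already fixed by an installed PTF from the two that still need action.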
