OS/400 Alert: Microsoft Exposes IE to Hackers

by Shannon O'Donnell

This issue of "OS/400 Alert" gives you the straight dope on a new vulnerability discovered in Microsoft Internet Explorer. Ironically, this new vulnerability was caused by the latest Microsoft security patch, and there was no fix available at press time. Also in this issue, you will learn about a new beta product from IBM and a new tool for downloading iSeries PTFs. And, finally, we alert you to the Web's most annoying new viruses and worms.

Flaw in Internet Explorer Leaves Gaping Vulnerability

Microsoft has recently announced a rather severe security breach in its Internet Explorer 6.0 browser that can leave a user's PC open to attack. Unfortunately, a patch was not available at press time. This vulnerability, discovered by a Danish security firm called Secunia, which was actually caused by a Microsoft security patch update, allows browsers with Active Scripting enabled to be manipulated by an attacker, and allows the attacker to execute code on the user's PC. Microsoft warns that you should disable Active Scripting in your IE browser or use a non-IE browser until a patch becomes available.

You can find out more about this vulnerability on Secunia's Web site and CNET News.com.

IBM Offers New iSeries Access for Web Beta

If you haven't yet experimented with IBM's iSeries Access for Web, you are missing out on a really nice tool that can simplify the process of getting to your iSeries via the Web. (For step-by-step instructions on installing and configuring iSeries Access for Web, check out "iSeries Access for Web.") Once you have installed, configured, and played with the release version of iSeries Access for Web, you may want to give the new beta version a try.

The beta version of iSeries Access for Web contains many new features, including the following:

• There are enhancements in 5250 emulation, Print, Database, Customization, and more.
  
  
• There are two new portlets for use in WebSphere Portal for iSeries.
  
  
• There's a new functional category called "download," used for managed file distribution. A new product available from "download" in this beta is iSeries Access for Linux, which provides an ODBC driver and a new 5250 emulator that can run natively on Linux operating systems with Intel processors.
  
  
• Support has been added to export XML data to Microsoft Excel, as well as the capability to precisely retrieve the cursor position in 5250 applications (which is useful for field-context-level help in applications). New SQL wizards have also been added. And there is now the capability to retrieve data about the server and to store it for future use.

You can download the beta version of iSeries Access for Web from IBM's Web site.

This Week's Nasty Windows Worries

JS.Pun.Trojan is a virus that's activated upon starting Windows and attempts to open your browser to a couple of hard-coded URLs.

W32.Mimail.L@mm is spread by e-mail. It contains the subject line "Re [2] We are going to bill your credit card," and has an attachment named wendy.zip. Once activated, it steals information from your computer and sends it to the virus provider.

Backdoor.Dragonqq--Here's something different: This virus attempts to steal passwords from a Chinese instant messaging program to give the virus maker unauthorized access to that program. So if you are using a Chinese instant messaging tool (don't we all?), you'll want to read more about this one.

Backdoor.Haxdoor is a Trojan horse that opens TCP ports on your Windows PC to allow unauthorized access to your hard drive.

W32.HLLW.Studd is a worm virus that spreads through the KaZaA file-sharing program and also through network shares and mapped network drives. If you get this virus, you could inadvertently spread it to your iSeries via a mapped drive.

W32.HLLW.Southghost is similar to W32.HLLW.Studd, in that it's a worm that spreads through network shares and mapped drives.

IBM Replaces iPTF for Online PTF Downloading

If you have ever tried using IBM's online PTF ordering system, iPTF, you may have been disappointed with the results. The iPTF tool, especially the early incarnations of it, was finicky, buggy, and downright hard to use. The latest version of iPTF worked better, but still left a lot to be desired. IBM has replaced iPTF with yet another product, which actually appears to be the same iPTF product as before but allows IBM to roll the previously two separate products--Fix Delivery Center (for pSeries) and iPTF (for iSeries)--all into the same interface. We will report more on this "new" tool in an upcoming issue of "OS/400 Alert," but if you would like to investigate it on your own, go to IBM's Support Fix Central Web site.

PTFs and Fixes for OS/400 and Related Programs

The latest cumulative package from IBM for V5R2 customers is the one that came out on September 9. The latest HIPER package was just released last week, on November 25, so you'll want to grab this one. The Database Group PTF was updated on November 11. For complete details on this week's recommended fixes, go to IBM Web site.

Sponsored By PROFOUND LOGIC SOFTWARE

RPGsp (RPG Smart Pages) iSeries Web Development Has Never Been Easier! RPG developers know and understand the iSeries. With RPGsp, they can use their knowledge to build Web Applications that interact with iSeries data. Existing RPG logic can easily be incorporated into any new Web Application. Build with Wizards RPGsp eliminates the majority of laborious coding so you can get started quickly! Intelligent Wizards guide developers as they build powerful Browser Applications powered by ILE RPG. The Result Is Lightning Fast You will be amazed by the application response time. No intermediary severs or proprietary languages are used in RPGsp. RPGsp Browser Applications run natively on the iSeries and do not consume interactive resources. Architecture Is Flexible and Open RPGsp can either serve as a standalone Web development environment and platform, or it can integrate with other IDE's as well as applications residing on other platforms. Free 30-day License www.RPGsp.com The Smarter Choice for Web!