• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Dubious Achievement: iSeries Gets Some Attention From Hackers

    July 19, 2004 Hesh Wiener

    A presentation on the iSeries was one of the many topics featured at the Fifth HOPE conference, held at New York’s Hotel Pennsylvania from July 9 through 11. This would be just another of many talks about the product line at gatherings, except for one difference. HOPE stands for Hackers On Planet Earth.

    More than 2,000 people are said to have attended HOPE this year, and the number could have been twice as high. Enough HOPE attendees were interested in the iSeries to pack the large hall that served as the origination center for the presentation. It’s hard to say how many people actually listened in, because video feed from the talks was piped to other rooms used by the large conference and also beamed out on the Internet as a streaming video feed.

    Many of the attendees and presenters at HOPE use pseudonyms, and the iSeries show was no exception. The speaker for the iSeries session made himself known only as Stankdawg, and the only other thing he revealed about himself is that he’s from Florida, where he is active in the hacker’s organization Florida 2600. HOPE is run by 2600, the hacker’s quarterly magazine.

    While some of the sessions at HOPE delved into specific techniques to get into systems and networks or to snoop on wireless transmissions, the iSeries session was relatively tame. It presented an overview of what Stankdawg said any interested party might find after getting to an OS/400 platform via Telnet 5250. And what this person might see, according to Stankdawg, is a lot more than the systems managers would want him to see.

    Basically, as OS/400 users know, visitors logging on to OS/400 get menus and these menus are presumably limited to the ones that are legit for that user. But lots of screens also offer command line processing, and it’s often the case that a user can enter a command line that’s not on a menu and not intended to be available. From there, with a little knowledge of the basic OS/400 shell commands, or a little use of Help, it’s pretty easy for a nosy person to do things like check out queued output, where lots of information that’s kept under lock and key while it’s in files is totally exposed to view. Stankdawg pointed out that there’s no reason for this to be the case, given the excellent permission management capabilities of OS/400, but, he added, the people who manage OS/400 slip up and, perhaps, do so far more often than not.

    Then there’s always the chance that an unintended visitor can guess at a password. Any user of OS/400 knows some default usernames, such as QSYSOPR, an operator, or QSECOFR, a nice name that gets you to what would be the root of a Unix or Linux system, and so on.



    Stankdawg closed his session by pointing out that OS/400 created extensive, detailed logs, so people hacking around on an iSeries are bound to leave a trail. He didn’t have to say that by the time somebody spots a trail of killed jobs or other peculiar stuff, it might be a bit late to do much about whatever left the trail. Nor did he go into ways to cover a trail by wrecking or flooding log files.

    OS/400 users who think their systems are secure because there are few reports of security problems, particularly compared to things in the Windows world, would get little comfort from the HOPE session. In the view of Stankdawg, at least, the relative obscurity of OS/400 is its main protective measure; it’s probably no harder to crack than Linux or Unix, even if it’s probably sturdier than Windows.

    Perhaps this isn’t true. But a roomful of computer hotshots, some of whom might have had mischief on their minds, are now a little better educated in the shape and character of OS/400. Just how a chance at fame in the hackers’ world will play among iSeries experts is hard to say, but it might not be widely appreciated.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    VISUAL LANSA 16 WEBINAR

    Trying to balance stability and agility in your IBM i environment?

    Join this webinar and explore Visual LANSA 16 – our enhanced professional low-code platform designed to help organizations running on IBM i evolve seamlessly for what’s next.

    🎙️VISUAL LANSA 16 WEBINAR

    Break Monolithic IBM i Applications and Unlock New Value

    Explore modernization without rewriting. Decouple monolithic applications and extend their value through integration with modern services, web frameworks, and cloud technologies.

    🗓️ July 10, 2025

    ⏰ 9 AM – 10 AM CDT (4 PM to 5 PM CEST)

    See the webinar schedule in your time zone

    Register to join the webinar now

    What to Expect

    • Get to know Visual LANSA 16, its core features, latest enhancements, and use cases
    • Understand how you can transition to a MACH-aligned architecture to enable faster innovation
    • Discover native REST APIs, WebView2 support, cloud-ready Azure licensing, and more to help transform and scale your IBM i applications

    Read more about V16 here.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Decommissioning Group Profiles Tracking SQL: Tango/04 Keeps Watch for Malicious Queries

    Leave a Reply Cancel reply

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • With Power11, Power Systems “Go To Eleven”
  • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
  • Izzi Buys CNX, Eyes Valence Port To System Z
  • IBM i Shops “Attacking” Security Concerns, Study Shows
  • IBM i PTF Guide, Volume 27, Number 26
  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle