• Ethical Hackers Discuss Penetration Work On IBM i

  September 16, 2024 Alex Woodie

  The IBM i server is heralded as a secure platform, but in reality, it is susceptible to a range of attacks, including common ones and others that are unique to the platform. To help push the security ball forward and encourage secure IBM i configurations, researchers from Silent Signal recently discussed their latest work during a European ethical hacking conference.

  In just a few years working on IBM i, Bálint Varga-Perke and Zoltan Panczel, the co-founders of the Hungarian company Silent Signal, have identified a handful security vulnerabilities on the platform, including a moderate security flaw in DDN in …

  Read more

• Fortra Issues 20th State of IBM i Security Report

  May 24, 2023 Alex Woodie

  IBM is celebrating 35 years of its midrange platform next month, and there is no doubt it will be an exciting moment for the IBM i community. But there’s another occasion you might not be aware of: the 20th annual State of IBM i Security Study, which was issued last month by Fortra (formerly HelpSystems).

  Back in 2004, the security experts at PowerTech took it upon themselves to analyze the configurations of customers’ actual iSeries and AS/400 servers (there were still AS/400s around) and write a report sharing what they found. As you might imagine, the state of security, as …

  Read more

• White Hats Completely Dismantle Menu-Based Security

  February 6, 2023 Alex Woodie

  Think menu-based security can prevent cybercriminals from accessing the most important parts of your IBM i system? Think again, as the white hat hacking group Silent Signal recently demonstrated in a real-world penetration test of a bank’s IBM i system through a seemingly restricted green-screen interface.

  Life was demonstrably simpler for midrange administrators before the Internet took off. Before we had all these different protocols providing access to applications and data – ODBC, FTP, SQL, Remote Command, etc. – an administrator could feel somewhat confident that users weren’t accessing things they shouldn’t by simply configuring their menus in a restrictive …

  Read more

• IBM Delivers More Out-of-the-Box Security with IBM i 7.5

  May 11, 2022 Alex Woodie

  It’s often said that IBM i is one of the most securable server platforms on the market. But all too often, customers don’t take the time to properly configure it, leaving their applications and data at risk. With IBM i 7.5, IBM is taking aim at security and delivering a system that is more secure when it ships from the factory.

  From default settings to the elimination of some options, IBM has taken several steps to make IBM i more secure by default. IBM i security expert Carol Woodbury, a former security IBM architect for OS/400 and now the co-founder …

  Read more

• Groundhog Day For Malware

  May 11, 2022 Steve Pitcher

  Say it with me: IBM i is NOT immune to malware.

  A couple of years ago, I wrote a piece called The Real Effects of Malware on IBM i. I thought it laid out a pretty fun, yet frighteningly serious, story of having an argument with a gentleman on Facebook regarding what’s IBM i fact vs fiction regarding malware and how myself and my iTech Solutions colleague Nathan Williams proved it out with some homemade malware and hosed a test system in the process. It really just says everything it needs to.

  So a few weeks ago I’m on …

  Read more

• Top Five Failures In State of IBM i Security For 2022

  April 18, 2022 Alex Woodie

  HelpSystems last week officially unveiled its annual State of IBM i Security report, the 18th straight year for the series. Like with past reports, the 2022 version highlights some of the continuing challenges that IBM i customers face when trying to secure their systems. A few key areas stand out above the rest.

  The IBM i server is a bit of an enigma when it comes to security. While it is widely perceived to be one of the most secure computing platforms on the planet – and “virus-proof” to boot – the reality is that a good number of IBM …

  Read more

• Glimpsing Hope in the IBM i Security Situation

  April 6, 2022 Alex Woodie

  These are dark days in the security business, thanks to the boom in ransomware, the looming threat of cyberwar with Russia, and the poor security of IBM i servers. But just as it’s darkest before the dawn, there could be some preliminary indications that the IBM i community is finally starting to wake up when it comes to securing their most important applications, systems, and data.

  It’s hard to be optimistic in the face of repeated failures. When it comes to IBM i security, those failures have been well-documented in annual State of Security reports for nearly two decades by …

  Read more

• Guru: IBM i Experience Sharing, Case 1 – Object Authority Check And Batch Job Performance

  March 7, 2022 Satid Singkorapoom

  Batch processes are perennial in virtually all kinds of business processing. From time to time, customers have to deal with batch runs that take too long, and many factors influence run time. One such factor in IBM i is how you assign object authority access rights for user profiles to the libraries and objects that are accessed by batch jobs. The importance of this factor can be found in the following case study.

  Many years ago, a customer asked me to determine why batch run time took too long. The customer ran 25 concurrent batch jobs in the batch process …

  Read more

• Security Checks Drive Consulting Biz for Briteskies

  June 14, 2021 Alex Woodie

  With high-profile ransomware attacks becoming the norm and calls for a federal cybersecurity department gaining steam, there’s a distinct uneasiness when it comes to the security of corporate computer systems. That uptick in awareness is helping to drive business for Briteskies, the Cleveland, Ohio-based IT consultancy that has made IBM i security a cornerstone of its business.

  Briteskies was founded in 2000 primarily as a JD Edwards specialist for organizations in the Great Lakes region. Over the years, the company has expanded into other niches, including Magento e-commerce systems, custom RPG development, and computer security.

  The market for IBM i …

  Read more

• IBM Completes Migration of Knowledge Center to IBM Documentation

  April 7, 2021 Alex Woodie

  For years, the IBM Knowledge Center has been the go-to place to get technical information about how things work in IBM i. Got a question about RPG opcodes or ALLOBJ authority? The Knowledge Center was the place for you. As part of its broader overhaul of its online resources and properties, IBM recently completed the migration of its Knowledge Center to the new site, called IBM Documentation.

  IBM i professionals can find all of the content they have grown accustomed to finding at the Knowledge Center on the new IBM Documentation site, which can be found at www.ibm.com/docs/en. There …

  Read more

Previous Articles