• Log4j Hits Heritage Version of Navigator for i – No Patch Coming

  January 12, 2022 Alex Woodie

  IBM i shops running the old version of the Navigator for i client should be aware that the software is vulnerable to the Log4j security vulnerability, and there will be no patch to fix it, IBM says in a new security bulletin. There will, however, be fixes coming to other vulnerable components, including IWS, IAS, and IBM i Access Client Solutions (ACS), IBM says.

  Just before we hit the holiday break, the extremely severe Apache Log4j security vulnerability was disclosed to the world, resulting in a frantic effort to patch servers, desktops, refrigerators – just about anything with a …

  Read more

• IBM Patches Nine Security Flaws in IBM i

  September 29, 2021 Alex Woodie

  IBM patched issued three security bulletins Friday alerting IBM i users to the availability of patches for nine newly disclosed security vulnerabilities in OpenSSL, HTTP Server, and a WebSphere Liberty components. Some of the vulnerabilities are potentially serious and should be patched immediately.

  IBM patched two security flaws its OpenSSL API that potentially could have devastating consequences on impacted systems, including enabling a hacker to take over the server, to read sensitive information, and execute a denial of service (DOS) attack. IBM patched these flaws in IBM i 7.1 through 7.4, according to the security bulletin, which you can read …

  Read more

• Kisco Locks Down IBM i Report Distribution

  October 28, 2020 Alex Woodie

  Users will gain more control over how their IBM i spool files are distributed and displayed, with a new release of WebReport/i, which is Kisco Information Systems’ spool file utility automatically reformatting and distributing spool files.

  WebReport/i can reformat IBM i spool files in a variety of different ways. It can change them into HTML, RTF, PDF, XLS, XLSX, TIF or CSV formats, and it can also distribute them via HTTP, FTP, email, Google Drive, Dropbox, and even fax.

  With Release 14, which was unveiled earlier this month, Kisco has shored up the security of the product. Specifically, when posting …

  Read more

• IBM i PTF Guide, Volume 22, Number 28

  July 20, 2020 Doug Bidwell

  The action never stops here at the IBM i PTF Guide. Which is probably a good thing because if a platform isn’t being constantly updated, expanded, tweaked, and fixed, then it probably is not going to live for much longer in this fast-changing world. No one can say that about the IBM i platform. Nope.

  So for you security buffs, check this out. Security Bulletin: BIND for IBM i is affected by CVE-2020-8616 and CVE-2020-8617, which has an insanely long link buried here. The link above provides details, but the gist of it is also here by release: …

  Read more

• Why You Need To Implement Exit Point Security – Now

  June 15, 2020 Rich Loeber

  As everyone knows, the only truly secure computer is one that is not networked to any other system or any client, and that has no users doing anything at all on the system. And if you really want to be honest about it, you should probably turn its power off. Then, it would be perfectly secure – and perfectly useless as well.

  To make any system useful, it has to be opened up so it can be reached by the world, and it may be hard to remember this now, three decades after the client/server and Internet revolutions, but there …

  Read more

• Samba Patch Caps Busy Year for IBM i Security

  December 4, 2019 Alex Woodie

  IBM last week patched a moderately severe security flaw in IBM i’s Samba implementation that could enable hackers to access data they really shouldn’t be able to access. The disclosure caps a rather busy second half of the year for security patches on IBM i that saw 26 emergency PTFs and Yum updates for Node.js, Python, the Apache HTTP Server, OpenSSL, ISC Bind, IBM Navigator, and even Db2 Mirror for IBM i.

  On November 26, IBM issued this security bulletin to let people know about the new flaw in the Samba client. The flaw could allow a hacker to not …

  Read more

• IBM i PTF Guide, Volume 21, Number 21

  June 3, 2019 Doug Bidwell

  You come to the IBM i PTF Guide to find out what’s new, and I am here to tell you. First of all, there is a new PTF Group for backup and recovery, which is perhaps not very exciting but is nonetheless one of the most critical aspects of the IBM i system. We also find that the HTTP Server in IBM i 7.2 and IBM i 7.3 has security vulnerabilities.

  The relevant PTFs for the Web server fixes are:

  • 3 SI69900 & SI69828
  • 2 SI69901

  For further details check this link.

  Also, there is a new PTF Group …

  Read more

• Taking A Fresche Approach To IBM i-Watson Education

  February 4, 2019 Alex Woodie

  There is a big data analytics revolution taking place that threatens to separate the AI haves from the have-nots. Companies that run the IBM i server want to get in on the analytics action just like everybody else, but AI discussions often stray away from IBM i. Now Fresche Solutions is working to close that disconnect with a series of educational courses centered squarely on the intersection of IBM i and Watson.

  Last year, Fresche Solutions worked with IBM last year to put together a series of onsite training seminars aimed at giving IBM i professionals the educational tools they …

  Read more

• Scaling Up For Cyber Monday With IBM i

  November 26, 2018 Alex Woodie

  A fulfillment company that’s expected to process millions of transactions on an IBM i server today will lean heavily on a slim layer of RPG-based Web services technology to keep the commerce flowing for its large clients. But there’s nothing stopping the middleware, dubbed iWebSrv, from simplifying data integration for clients in other industries.

  Retailers work all year to ensure they’re ready for the massive surge of traffic that springs up after Thanksgiving. For bricks-and-mortar types, Black Friday is their make-or-break day, while those with an omni-channel bent have Cyber Monday prominently circled on their calendars.

  Consumers are expected to …

  Read more

• IBM Patches Security Flaws In IBM i

  September 12, 2018 Alex Woodie

  IBM last week shared details of two new OpenSSL vulnerabilities that are impacting all supported versions of IBM i. That came on the heels of two more vulnerabilities that were disclosed last month in IBM i’s Python implementation and the HTTP Server. All of the flaws have been patched by IBM.

  IBM i 7.1, 7.2, and 7.3 are impacted by the pair of OpenSSL vulnerabilities disclosed by IBM on August 30. Neither of the flaws, which include CVE-2018-0732 and CVE-2018-0737, are particularly nasty, but they do open gaps in the platform’s security apparatus just the same, so it’s important to …

  Read more

Previous Articles