-
Fortra Issues 20th State of IBM i Security Report
May 24, 2023 Alex Woodie
IBM is celebrating 35 years of its midrange platform next month, and there is no doubt it will be an exciting moment for the IBM i community. But there’s another occasion you might not be aware of: the 20th annual State of IBM i Security Study, which was issued last month by Fortra (formerly HelpSystems).
Back in 2004, the security experts at PowerTech took it upon themselves to analyze the configurations of customers’ actual iSeries and AS/400 servers (there were still AS/400s around) and write a report sharing what they found. As you might imagine, the state of security, as …
Read more -
Top Five Failures In State of IBM i Security For 2022
April 18, 2022 Alex Woodie
HelpSystems last week officially unveiled its annual State of IBM i Security report, the 18th straight year for the series. Like with past reports, the 2022 version highlights some of the continuing challenges that IBM i customers face when trying to secure their systems. A few key areas stand out above the rest.
The IBM i server is a bit of an enigma when it comes to security. While it is widely perceived to be one of the most secure computing platforms on the planet – and “virus-proof” to boot – the reality is that a good number of IBM …
Read more -
State Of IBM i Security: Seven Areas That Demand Attention
April 24, 2017 Alex Woodie
The latest installment of the annual State of IBM i Security was released last week by HelpSystems, and the results were about what you would expect: most IBM i servers are basically wide open for abuse.
In a webinar last week, HelpSystems director of security technologies Robin Tatam discussed the findings of the report, which was based on security assessments conducted on 332 systems during 2016. He broke the findings down into seven core areas that should be addressed, including system security levels; administrative privileges; passwords and user profiles; data and program permissions; network access and exit programs; audit trails; …
Read more -
State of IBM i Security? Still Horrible, After All These Years
May 18, 2015 Alex Woodie
… Read moreWhen you talk to IBM about the IBM i-on-Power platform, the word “security” is used extensively, and appears frequently next to other power words like “reliability” and “availability.” But when you talk to the security software vendor PowerTech about the state of IBM i security, you might be surprised to hear words like “wide open” and “breach fatigue.” Then again, if you have been an IT Jungle reader for very long, you may not.
Last month, PowerTech released its 12th annual State of IBM i Security Study. The 25-page report, which you can download from the company’s website,
-
State Of IBM i Security? Dismal As Usual, PowerTech Says
May 19, 2014 Alex Woodie
… Read moreOrganizations are taking unnecessary risks by neglecting to properly secure their IBM i environments, according to PowerTech‘s 2014 State of IBM i Security report, which it released last week. While PowerTech spotted all kinds of security shortcomings–ranging from too many powerful profiles to using lax security levels–the most glaring problem may have to do with poor password management.
Bad password hygiene leaves IBM i shops open to external hackers and internal threats, PowerTech says. You are not going to find Heartbleed-level password problems, where billions of once-trusted passwords instantly became vulnerable overnight. But considering the level of fine-tuning that’s
-
State Of IBM i Security Remains Poor, PowerTech Says
May 21, 2012 Alex Woodie
… Read moreIBM i shops are still failing to enact basic security safeguards to prevent unauthorized access of the data in their systems, according to PowerTech, which issued its annual State of IBM i Security report this month. Even when it comes to basic security concepts, like changing default passwords, minimizing user permissions, and monitoring exit points, the average IBM i shop fails spectacularly. The upshot is that most shops are gambling with their data, with a heavy bet placed on “security through obscurity.”
If it was a video conference, PowerTech director of security technologies Robin Tatam would have been seen
-
IBM i PTF Guide, Volume 26, Number 44
November 11, 2024 Doug Bidwell
The number of patches slowed down last week, and we are not sure if that had anything to do with the election in the United States, but what we do know is we all got a break. And we will take it, and then get back to work.
There are a number of security vulnerabilities with WebSphere middleware, an issue with drive logging, and several fixes for TGTRLS in the RPG compilers.
First, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086), which you can read about here. This …
Read more -
IBM Working On Making Enterprise Java Easier
October 21, 2024 Timothy Prickett Morgan
Java is important in the enterprise, and getting more important, and IBM wants to help make managing and using Java easier.
At this time last year, there were 26.3 million application developers in the world, and according to CodeNinja, about 20 million of them were reasonably fluent in JavaScript, nearly double the number six years ago. (We are not sure if CodeNinja is counting Node.js as a variant of JavaScript, as it probably should.)
Java, a much older cross-platform language and the lingua franca of business logic in the enterprise, is not as large but is seeing a bit …
Read more -
IBM i PTF Guide, Volume 26, Number 38
October 7, 2024 Doug Bidwell
There is a hodge podge of stuff that you need to deal with this week when it comes to patching your IBM i system.
First, there is a security vulnerability. Read all about it in Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138), which you can find out more about at this link. The issue can be fixed by loading an interim fix. IBM strongly recommends addressing the vulnerability now by upgrading to Node.js 18.20.4. Please follow Upgrading the Node.js that is used by Cordova or NodeRed …
Read more -
GenAI Interest ‘Exploding’ for Modernization on IBM i and Z, Kyndryl Says
September 18, 2024 Alex Woodie
There’s been an explosion of interest in using generative AI on IBM i and System Z servers, according to Kyndryl’s latest report on mainframe modernization. Hybrid IT, security, the skills gap, and observability round out the top five trends impacting the IBM midrange and mainframe platforms.
Last year, Kyndryl contracted with Coleman Parkes Research to survey about 500 senior IT leaders at IBM i and System Z mainframe shops around the world. That effort turned into the 2023 State of Mainframe Modernization Survey Report, which we covered here.
Many of the same modernization trends that the former IBM Global …
Read more
