-
More IBM i Security Flaws Revealed
July 13, 2022 Alex Woodie
The summer slowdown might have started in your particular business, but things are just getting warmed up for IBM security researchers, who disclosed a series of new vulnerabilities across IBM i products over the past couple of weeks, including IBM i Merlin, WAS Liberty, OpenSSL, the Digital Certificate Manager, and Zlib.
On June 27, IBM disclosed that the collection of open source and proprietary tools and technology it’s brought together as IBM i Modernization Engine for Lifecycle Integration (Merlin) suffers from no fewer than 16 separate security flaws.
Among the most serious of these flaws is CVE-2022-22965, a data binding …
Read more -
Four Hundred Monitor, July 13
July 13, 2022 Jenny Thomas
In the Jungle, our editors keep you informed by talking to the industry movers and shakers and relaying what they learn. (In fact, if you missed Tim’s inside scoop on Power 10, be sure to read the Top Story below.) Next week, you have the opportunity to ask your own questions of IBM i Chief Architect Steve Will during an Able One webinar on July 19. You can get the details and link for the webinar in the Chats, Webinars, Seminars, Shows, and Other Happenings section below, and take the opportunity to ask your Power10 and IBM i 7.5 questions. …
Read more -
Reader Feedback On Guru: The Finer Points of Exit Points
July 12, 2022 Bruce Bading
Hey, Alex:
Hope you are doing well. I was reading this article about exit points and found some technical inaccuracies.
The Socket Exit can be used to cover the following: You can use exits to block all unwanted ports. I will be happy to talk with the author of this article to explain how this works.
- Not all services have exit points available.
- User defined ports do not have exit points associated.
Best regards,
— Tony Perera, Trinity Guard, a division of Fresche Solutions
Hey, one and all:
As the article states, exit points are an enhancement to cybersecurity on the …
Read more -
Guru: The Finer Points of Exit Points
June 27, 2022 Bruce Bading
Many years ago, we received a call from an IBM i customer stating that all exit points were gone and the QAUDJRN and receivers were missing. Then the question, “Do you think we’ve been hacked?” Truth was, the exit points weren’t gone; the associated programs had been de-registered. Conclusion, they had most likely been compromised.
The IBM i platform is a very securable system that can be secured (Secure vs Secured – What’s the difference?, WikiDiff), if you take steps to secure it.
On the IBM i, a limited number of functions provide an exit so that your …
Read more -
Multiple Security Vulnerabilities Patched on IBM i
June 22, 2022 Alex Woodie
In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.
IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of HTTP request smuggling that could poison the Web cache, bypass firewalls, and …
Read more -
Four Hundred Monitor, June 8
June 8, 2022 Jenny Thomas
The business partners and resellers have now been briefed about the impending Power10 entry and midrange server launches, and it is just a matter of time before some of the details start leaking out. We look forward to seeing the new machines and convergence of cloud-style packaging and pricing for on premises and cloudy versions of these machines.
If you know something, say something. . . .
No matter what, we will have in-depth coverage and analysis as soon as the jig is up.
Top Stories From Outside The Jungle
(Data Center Dynamics) Some step-by-step advice about integrating IBM i …
Read more -
Kill Three Cloud Scenario Birds With One StorSafe Stone
June 1, 2022 Larry Bolhuis
It is a rare event when you can kill two birds with one stone. But thanks to a new partnership between IBM and FalconStor Software, you may have the opportunity to take down three with one stone. And it’s an opportunity I know well since I collaborated with the FalconStor and IBM teams to bring it forward.
Last month, IBM and FalconStor announced a strategic partnership to make the IBM i platform a better player in the hybrid cloud world that I believe will increasingly be a reality for IBM i users who rely on the platform to support their …
Read more -
Why Infor’s IDF Is Important for Customer Innovation
May 25, 2022 Alex Woodie
Among the remaining large ERP vendors targeting IBM i, Infor appears to be the most committed to ongoing development on the platform. A key element of that strategy is the Infor Development Framework (IDF), which plays a big role in extending the functionality in its IBM i-based ERP systems to meet customers’ specific needs.
The IDF features most prominently in Infor’s long-term strategy for the ERP XA (MAPICS), ERP LX (BPCS), and ERP System 21 product lines, says Robert Russel, the vice president of product development at Infor.
“We’re starting to try to essentially get that technology embedded into …
Read more -
How Committed Is Big Blue To The IBM Cloud?
May 23, 2022 Timothy Prickett Morgan
Before you get all nervous, I did not ask how committed is Big Blue to the Power Virtual Server. So don’t jump to the wrong conclusion. But we are beginning to wonder just how committed IBM is to the idea of operating a globe-spanning X86 server cloud that competes with the likes of Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba Cloud, Tencent Cloud, and Baidu Cloud.
What got us to thinking about this was an announcement by IBM that it has signed a “strategic collaborative agreement” with AWS, which is just facing the facts that AWS is the …
Read more -
Guru: IBM i *USRPRF Security
May 23, 2022 Bruce Bading
IBM i has long enjoyed a reputation of being one of the most securable application servers in the industry. IBM i object encapsulation or object-oriented architecture achieves a level of technology integrity not found in file-based systems such as Unix, Linux, and Windows – as long as QSECURITY is set to 40 or 50.
This advanced technology, however, does not exclude the IBM i from security risks if your development teams are not practicing DevSecOps (CSRC, nist.gov) and Zero Trust Architecture (NIST).
Let me remind what one of the lead signatories on the Agile …
Read more