IBM i LIBL Autopwn: Kill the Vulnerability Class - Silent Signal Techblog
Because we can!| Silent Signal Techblog
Because we can!| Silent Signal Techblog
I was in a meeting with a client earlier today – they were discussing hardware changes, software version control, promotion flow and how to set it up. A mix of folks in attendance; one software developer and a host of vocal application managers confused by software lifecycle tracking, with limited IBM i expertise, but wanting […]| Nick Litten [IBM i AS400 iSeries] Software Developer
I’ve spent decades wrangling RPG code on AS400, iSERIES and IBM i systems. You know the drill: endless source files, green screens, and that nagging pull to modernize without breaking everything. Very repetetive and prone to broken code because of a finger slip, a mistyped line of code or a fat-finger moment on the keyboard. […]| Nick Litten [IBM i AS400 iSeries] Software Developer
Once upon a time in a land of legacy systems and mystical green screens, brave programmers roamed freely with passwords like “123456” and “PASSWORD1.” But then came the prophecy: “Thou shalt not allow weak credentials to guard thy sacred data.” And thus began the quest to enforce secure IBM i passwords. Or did it? Well… […]| Nick Litten [IBM i AS400 iSeries] Software Developer
IBM i SQL Stored Procedures are the King of the IBM i Database Jungle Welcome to a deep dive into the world of database management! Today, we’re focusing on a powerful tool that can transform how you handle data: stored procedures. Whether you’re working with IBM i, SQL Server, or another database system, stored procedures […]| Nick Litten [IBM i AS400 iSeries] Software Developer
The Hilarious World of IBM i TURNOVER PWM: A Quick Reference for Dinosaur Developers Ah, the IBM i (née AS/400, iSeries, or that big black box in the server room that refuses to die). If you’re like me, a software developer who’s somehow time-traveled from the ’90s, you’ve probably wrestled with change management tools that […]| Nick Litten [IBM i AS400 iSeries] Software Developer
In the ever-evolving world of programming, some languages stand the test of time by blending reliability with innovation. RPGLE (RPG for ILE, or Integrated| Nick Litten [IBM i AS400 iSeries] Software Developer
Videos in an Alternate World - VS Code Compile Issues with IBM i Source| Nick Litten [IBM i AS400 iSeries] Software Developer
Welcome back, fellow *cough* AS400 code wranglers and green-screen survivors! If your IBM i source files are starting to look like that one drawer in your desk where cables go to die, it’s time for a tidy-up. Today, we’re diving into how Visual Studio Code can turn your RPGLE and COBOL chaos into something resembling […]| Nick Litten [IBM i AS400 iSeries] Software Developer
From RPG to PHP: An IBMi Programmers Guide to Building Your First WordPress Plugin| Nick Litten [IBM i AS400 iSeries] Software Developer
Your IBM i Power System (not its not an AS400 and no its not an ISERIES don’t trigger me!) is a digital hoarder’s paradise, stuffed with decades of code. Now, an OS upgrade or a PTF (Program Temporary Fix, aka IBM’s version of a software Band-Aid) changes a command’s behavior. Suddenly, you need to recompile […]| Nick Litten [IBM i AS400 iSeries] Software Developer
Intro| Silent Signal Techblog
Picture this: you're sipping your morning cup of PG Tips Tea, contemplating a third hobnob biscuit dunker, ready to tackle another day of IBM i wizardry, when| Nick Litten [IBM i AS400 iSeries] Software Developer
Today is Power11 announcement day, and as sometimes happens during the debut of a new processor and a new platform to go along with it, we do not have all of the details necessary to tell you everything you need to know about the new Power11 processor and the four of the five Power Systems| IT Jungle
Faced with ever-growing security concerns, IBM i shops are “attacking” the problem and taking real steps to improve their security posture, Fortra says in its latest State of IBM i Security study. It is the second straight year that Fortra has noticed an improvement in IBM i shops’ approach to security. However, there are still| IT Jungle
Brace yourself because the IBM i platform has five security vulnerabilities that you have to analyze and cope with in this week’s issue of the IBM i PTF Guide. Let’s just jump right in and get to it. First, we have Security Bulletin: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038), about| IT Jungle
At the COMMON POWERUp 2025 conference this week, IBM pulled the covers back a bit on Watson Code Assistant for IBM i, the new name for the AI-powered coding assistant that IBM first started talking about one year ago. A public preview of WCA for i is becoming available to a limited number of testers,| IT Jungle
Brace yourselves, everyone. There are seven security vulnerabilities that you have to pay attention to this week for the IBM i platform. Remember, as security guru Carol Woodbury is fond of saying: the IBM i platform is not the most secure platform in the world, but the most securable platform in the world. You must| IT Jungle
Welcome to May, and we start out with PH65941, a notice from Big Blue that IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1). You can check out this link for more details. IBM says that the fix for this APAR is set to be included with WebSphere Application Server 8.5.5.28| IT Jungle
Just a reminder that as part of the April 8 announcements, IBM Software Support content is changing to require entitlement check for software patches. See more at this link, but the gist of it is that IBM Software Support Troubleshooting, Question & Answer, and How To documents are changing to require entitlement. This means that| IT Jungle
It may be hard to believe, but with the launch of IBM i 7.6 today, it has been 13,440 days since OS/400 V1R1 was announced on June 21, 1988, and Big Blue has delivered 27 distinct releases of the OS/400 and IBM i platform with dozens of Technology Refresh interim updates between releases in the| IT Jungle
Big Blue today announced IBM i 7.6, the first new release of the operating system in three years. While version 7.6 brings a range of enhancements, arguably the biggest new feature is the addition of multi-factor authentication directly into the operating system, which will make adopting MFA simple and represent a “massive security improvement” at| IT Jungle
Good day, good people of IBM i Land. This week we start out with two security vulnerabilities and a known issue to beware of the BLOB! Let’s start with the security vulnerabilities. First we have Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2025-25193), which you| IT Jungle
As part of our ongoing research of the IBM i platform we monitor news and updates related to the platform. Two weeks ago IBM published a support article about a compatibility issue affecting IBM i Access Client Solutions (ACS) when running on Windows 11 24H2. The “no man’s land” between system boundaries is always a playground for hackers, and this article was fascinating because it pointed to the Local Security Authority subsystem of Windows:| Silent Signal Techblog
Preface| Silent Signal Techblog
Preface| Silent Signal Techblog
Post-exploitation is a crucial element of any attack aiming for realistic objectives, so it is no surprise that the topic is extensively researched, resulting in a trove of information that defenders can rely on to design and implement countermeasures. Unfortunately, owners of IBM i systems do not have the luxury of access to such information right now. This was one of the main ideas we discussed with Ben Williams of Chilli IT, who was kind enough to introduce us to IBM’s Brunch and Learn w...| Silent Signal Techblog
In our first blog post of 2023, we continue our series about penetration testing IBM i. This time we look into how the so-called Adopted Authority mechanism can be abused for privilege escalation if privileged scripts are not implemented with enough care.| Silent Signal Techblog
Our next journey takes us into the infrastructure of a bank. One element of the infrastructure was an IBM i (AS/400) server, and the only piece of information we got to conduct the penetration test was its IP address. We had been collecting a list of common application and service users during previous pentests, so we could check their existence on this host using 5250 and POP3 protocols. By the way, the server exposed 63 remote services – are all of them really necessary? Our first step ma...| Silent Signal Techblog
When you get the chance to take a look at the IT systems of financial institutions, telcos, and other big companies, where availability has been a key business concern for decades, you’ll find, that some critical operations run through some obscure systems, in many cases accessed via nostalgic green-on-black terminals, the intricacies of which only a few people inside the company truly know. These systems might be IBM i’s – or as many senior folks know, “AS/400” or “iSeries” –...| Silent Signal Techblog
