The whole point, I think, is to get it by the system's guys. Not sure how to do that. So much easier on Windows. Still there are coming more and more "freeware" MVS utilities, like showmvs. (It can run authorized I think, yes?) I don't think that it is that carefully audited, somebody could slip something into there. Or some ported tool like TSOCMD.
It would be very unlikely that something like that would get by you guys, but good sysprogs are getting fewer and fewer, and, as an inside job perhaps, someone may easily trick an admin into installing some useful utility that has been compromised. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of David Cole Sent: Thursday, October 14, 2010 7:27 PM To: [email protected] Subject: Re: Mainframe hacking? At 10/14/2010 12:24 PM, Chris Craddock wrote: >(as Bob knows) it is impossible to create/install a malicious FLIH or >SVC or PC without already having the keys to the kingdom anyway. >That is the foundation of integrity and the reason why the installation >has to appropriately protect system datasets and APF libraries. Well that's just the problem, Chris, isn't it... The keys to the kingdom really are not well guarded. That's what my 2006 post was all about. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
