> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Lindy Mayfield > Sent: Thursday, October 14, 2010 12:25 PM > To: [email protected] > Subject: Re: Mainframe hacking? > > The whole point, I think, is to get it by the system's guys. > Not sure how to do that. So much easier on Windows. Still > there are coming more and more "freeware" MVS utilities, like > showmvs. (It can run authorized I think, yes?) I don't > think that it is that carefully audited, somebody could slip > something into there. Or some ported tool like TSOCMD. > > It would be very unlikely that something like that would get > by you guys, but good sysprogs are getting fewer and fewer, > and, as an inside job perhaps, someone may easily trick an > admin into installing some useful utility that has been compromised.
And much easier in the UNIX environment where there is even more ignorance about why to not do: exattr +ap -F BIN myEvilProgram which could be hidden in the installation script. Or even in the compiled program where it couldn't be seen. And installed with SMP/E when running with SUPERUSER authority. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-691-6183 cell [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
