Hi Lindy,
Oh yeah, social engineering is one that does get tried often. If I only had a few nickels for every time somebody has cold called saying that they are from IBM, or one of our ISVs, or even someone claiming to be from big name companies that we may or may not do business with. They are always friendly, and very persistant. They always want to "verify account information" or talk to the boss, or promise the results of a survey, or prizes, or whatever to get information. Lots of time they will try to find out info about the configuration of the shop - both hardware and software. I always ask them for THEIR information. Usually, they can't get off the phone fast enough! Then I pass the word around to the co-workers that another phisher is lurking. Linda ----- Original Message ----- From: "Lindy Mayfield" <lindy.mayfi...@ssf.sas.com> To: IBM-MAIN@bama.ua.edu Sent: Thursday, October 14, 2010 5:55:01 AM Subject: Re: Mainframe hacking? I didn't see anyone explicitly mention "social engineering". IMO this may be an easier way to get a not-very-technical user's id, but then you are back to how to hack with a "normal" user TSO account. But if a system guy gave out a password for an reason then, well, you know. What about digging through the trash? Dropping some USB sticks around with interesting programs on them? A few people mentioned some few months back how to get a program authorized from a non-authorized library (or something like that), but nobody gave any details. For sure no script kiddies should ever get in, and if they did they wouldn't know what to do. One thing I didn't see in this thread, was what is the purpose of this hacking. What is to be gained? Sensitive information would be one thing I can think of. Lindy ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
