Re: Security is fun in the PC world....

[R.S.]

W dniu 2011-08-19 10:07, Jim Thomas pisze:
Folks,
Why does everybody insist on overlooking the obvious ??.

The hell with how quickly you apply fixes.
Agreed.

MVS (or OS/390 or z/OS or whatever you want to call it) has
NEVER been hacked or destroyed by an ex employee !!.

How do you know?
Do you expect any financial company to make an advertisement "Hello! 
We're open for hackers!". I suspect that no company want do disclose it.

In fact, let me re-state that .. the mainframes HAVE NEVER
been hacked or destroyed by an ex employee !!.

Well, I know such evidence (maybe it was misuse - it's a matter of 
definition of "been hacked"), cannot provide details.
Another, publicly known example: Kevin Mitnick. Obviously he wasn't 
ex-employee (is it better?), and he hacked people, not systems. So?

Some remarks:
1. "Mainframe system" could mean z/OS or poorly configured Linux. Is the 
Linux on mainframe any more secure than Linux on PC? IMHO the difference 
is none or very small.
2. Usually "mainframe systems" are big, very big or huge installations 
when compared to PC installations. There is no reason to compare small 
PC server in small company to huge financial system.
3. Ex-employees hacking, social hacking - that could affect any 
platform, the platform resilience play minor role here. Again, usually 
the bigger comany the better rules apply.
4. Obviously (for us, mainframers) it's much easier to set up secure 
mainframe shop, that to set up secure PC installation. More, PC 
installation cannot achieve the level of security which is available for 
mianframe (with z/OS). It's like bank safe and tent: you can leave both 
open - and security is comparable (and poor). You can also try to secure 
both - then you have good effects with safe, but still poor effects with 
a tent.

Regards
--
Radoslaw Skorupka
Lodz, Poland


--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. 

BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax 
+48 (22) 829 00 33, e-mail: i...@brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. 
Wedug stanu na dzie 01.01.2011 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.346.696 zotych.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html