Re: Malicious Software Protection

Wed, 28 Mar 2012 14:13:13 -0700 

The problem is we don't believe. :-)


--
Radoslaw Skorupka
Lodz, Poland



W dniu 2012-03-28 22:45, Ray Overby pisze:

Yes, I believe I have a way to attack a mainframe system where I don't
have access.


Ray Overby
Key Resources, Inc.
Ensuring System Integrity for z/Series™
www.zassure.com
(312)574-0007


On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote:

Ray Overby wrote:


I am a vendor so take my post with a grain of salt. For those that
don't like vendors to respond stop reading now...... (flame on)

I will take your post seriously. I have reviewed you webpage. Very
interesting.

You confirmed what I suspected, especially after those threads about
[mis]use of SVC.

One question if you don't mind please:

Can you use or prove your point (elevating TSO, suppress SMF, etc)
without being given access to a system in the first place? The idea is
that you could enter a system and elevate yourself and place somewhere
a signature to prove that you could 'white hack' the target system.

Just a yes or no, please, because I realize that due to the nature not
too much info can be divulged.



The ESM products did not stop the TSO user from exploiting this
vulnerability.

Very true. ESM is just a database.

As said many times on RACF-L, it is the caller which call ESM, the ESM
decides on what is found in its own database and report back with
RC=0/4/8 plus reason codes.

It is up to the whatever caller to honour the RC from an ESM.



If you are not concerned that your users can crash your z/OS system
at any time (maliciously or accidentally)

As I have said, it is the INSIDER who are probably the greatest threat.



--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive. 
BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax 
+48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.410.984 zotych. 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Reply via email to