-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Paul Dineen Sent: Thursday, April 19, 2007 1:31 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: T.J. Maxx data theft worse than first reported
Check out the 4/19 Mainstar press release regarding TJX and z/OS: http://www.mainstar.com/pdf/000-0123_Security_PR.pdf <SNIP> 1) a. How many run z/OS with 3 consecutive bad passwords = revocation of account (or some similar low number)? b. How many have a challenge system that must be passed before the account can be re-activated, and includes mandatory change of password? 2) Given #1.a, how many cracking attacks would succeed? (Yes, this is one needing a bit of math -- and yes, it only takes one, but that isn't the point). So in light of the Mainstar Press Release, it certainly appears to me that someone is trying to say that the security gateway on a mainframe is highly subject to cracking. But where does it say that a mainframe was specifically the portal through which the cracking took place? Or was it another system that was trusted by the z/OS system...? These are the kinds of marketing jabs that need to be looked at a bit critically. Regards, Steve Thompson ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html