Hi Bob,
From what I recall, the bad guys had "READ" to the RACF Database. (It
helps to have incompetent SecAdmin staff and auditors.)
They downloaded it and then dictionary-attacked it easily, because there
was no password limitation and there was no trivial-password-exclusion list.
Also, NVAS had no security. That is, once in, the hackers could logon to
any 3270 application from the main panel.
Regards,
David
On 2021-10-08 10:54, Bob Bridges wrote:
The way I read in the long Polish article about the Logica hack, when I researched it back
in 2013, is that there was speculation about USS and about an HTTP flaw, but the forensics
folks in the end thought they probably got hold of a password in the good old-fashioned way
and went from there. They did indeed find and exploit USS configuration goofs. And the
HTTP flaw is real
(https://nvd.nist.gov/vuln/detail/CVE-2012-5955),
but Logica's post-hack report doesn't mention it; so they, at least, didn't think it
figured into the original break-in or in the culprits' activities afterward.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* I've never hated a man enough to give him his diamonds back. -Zsa-Zsa Gabor */
-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of
Charles Mills
Sent: Thursday, October 7, 2021 18:49
Assuming you don't count Logica. ("Oh, that wasn't a real mainframe hack, they came
in through USS.")
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bill Johnson
Sent: Thursday, October 7, 2021 3:21 PM
You’d have to be a poorly run shop to permit any of those to occur. Maybe
that’s why mainframe hacks have actually never happened....
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN