Don't know if this is part of the article aspects... Most people think that phishing does not threaten mainframes since the attack infrastructure is usually email (or phone). However, many organizations use password Sync, so no matter which password I get, it is the one that is used on the mainframe. Many other organizations use an email alias as userid@org. So the scammer probably asked for the internal email and got the user on the mainframe as well.
All that just to say that technology tried to save us the need/risk to remember/write-down a lot of passwords but raised new threats. ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Thu, May 12, 2022 at 1:12 PM Seymour J Metz <sme...@gmu.edu> wrote: > No, SYSCTLG and CVOLs had key length 8, to say nothing of PDS directories. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf > of Tom Brennan [t...@tombrennansoftware.com] > Sent: Wednesday, May 11, 2022 7:03 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: The Story of Mainframe Passwords > > I remember that dataset. When I first started, one of my jobs was to > run a program someone had written that read every record looking for a > dataset match, and then spit out the password. That was for folks who > forgot their dataset password of course. The program took maybe 10 > minutes to run, and one day I figured out it was probably the only > dataset on the system that used the K in CKD, so I reworked the program > to use the key and it could then find a particular record in an instant. > > On 5/11/2022 3:07 PM, Gibney, Dave wrote: > > Including when password had nothing to do with authentication and system > access. The PASSWORD file (yes, single level dataset name) was used to > implement PASSWORD protection for specific datasets. > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
