A few days ago, I don't remember who, or whether it was here or at RACF-L, someone asked about a known case of a mainframe ransomware attack by encrypting the disks. A few years ago we performed a whitehat attack at a large insurance company. We started with the DS8xxx HMC server. A short RTFM showed that there is a script to reset the password of the DS8000 to its defaults. We then were able to manage the LUNs, and of course delete them, encrypt them and so on.
What I am trying to say is that one doesn't have to access the mainframe itself in order to access the data... And again, password sync and SSO make life easier. Remember that when Pirate Bay penetrated Logica, he had no clue about mainframes, but was able to stay for almost 1.5 years.

My 2 cents

ITschak

ITschak Mugzach
IronSphere Platform | Information Security Continuous Monitoring for z/OS, x/Linux & IBM I | z/VM coming soon