#1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS a legitimate part of the mainframe, which it has been for 20 years or so). It was an exploit of CGI buffer overrun.
#2: It drives me nuts to hear mainframers explain away mainframe breaches. "It wasn't really a mainframe hack, they got in through USS." "It wasn't really a mainframe hack, they re-used a Windows password." "It wasn't really a mainframe hack ... whatever." If your CEO was standing in front of the press explaining how your company let x million credit card numbers go astray, would it matter HOW they got into your mainframe, or only that they DID?" If your mainframe is vulnerable to a USS hack, or a shared Windows password, or whatever, you need to fix THAT, or risk having to explain to your CEO why he got fired (like Target's) for letting all those credit card numbers go astray. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bill Johnson Sent: Sunday, May 5, 2019 10:00 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Wasn’t really a mainframe hack. It was a laptop hack that acquired legitimate mainframe credentials. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
