Here's one: By acting dumb (well, even more than usual) I got the Help
Desk where I worked to give me my name, the prod system id, my userid,
and a password reset. I gave no information other than calling from my
own desk phone.
The real reason for the call was that I heard they were using the same
string for all password reset requests, and (as one of the RACF support
people) I wanted to surreptitiously test that. But when they answered
the phone with "Hello Tom Brennan", I thought I'd take the ruse as far
as possible.
The Help Desk wants to help.
On 5/6/2019 7:03 PM, Bill Johnson wrote:
How do you get a userid for a mainframe hack attempt? How do you insure it’s
one with decent security access? Knowing very few have APF access.
I’ve never actually seen a mainframe hacked in 40 years and 15 different shops.
Also never heard of one at shops in the Ohio, Pennsylvania area that I didn’t
work. I’ve heard of potential holes but never seen it happen.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 9:27 PM, Tom Brennan <t...@tombrennansoftware.com>
wrote:
Ok, but why is Windows easier to hack than the mainframe?
Personally, I'd find a mainframe far easier to hack because I know a
little bit about control blocks, APF auth, SVC's, subsystems, address
spaces, RACF, etc., and I know far less about the equivalents on
Windows. But of course the first step is to get any kind of userid, and
that's done by pretty-much the same methods - regardless of platform.
On 5/6/2019 1:18 PM, Bill Johnson wrote:
It’s why banks stay on the mainframe. Security.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls
<mainfr...@bigendiansmalls.com> wrote:
Bill, would you care to back that sweeping generalization up with some detail?
On May 6, 2019, at 22:06, Bill Johnson
<00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote:
Completely different. Hacking Microsoft is way easier.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls
<mainfr...@bigendiansmalls.com> wrote:
Which is how 80% of all the hacks today start. Find purchase and advance your
position. This is how the game is played. It was as classic of a hack as
anything today.
On May 6, 2019, at 21:43, Bill Johnson
<00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote:
Still never would have occurred without a valid userid.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 3:18 PM, Charles Mills <charl...@mcn.org> wrote:
No.
From the link you cite:
"According to various sources, the hackers succeeded in finding (and exploiting) at
least 2 previously unknown errors enabling them to raise their authorisations in the
system. One of them was an error in an IBM HTTP server and the other one was an error in
the CNMEUNIX file, which in the default configuration has SUID 0 authorisations (which
means that by leveraging on the errors it contains, one is able to execute commands with
the system administrator’s authorisations)."
His "user" access to InfoTorg was not a problem for the mainframe. (It was a
problem for the MPAA lawyer whose account he accessed, but not for the mainframe in
general.) The above mainframe security vulnerability was.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bill Johnson
Sent: Monday, May 6, 2019 11:17 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: mainframe hacking "success stories"?
The Pirate Bay hack acquired a valid mainframe userid and password off of a
Microsoft laptop. In effect, not really a mainframe hack. He just logged on.
https://badcyber.com/a-history-of-a-hacking/
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 1:21 PM, Charles Mills <charl...@mcn.org> wrote:
#1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS a
legitimate part of the mainframe, which it has been for 20 years or so). It was
an exploit of CGI buffer overrun.
#2: It drives me nuts to hear mainframers explain away mainframe breaches. "It wasn't really a mainframe
hack, they got in through USS." "It wasn't really a mainframe hack, they re-used a Windows
password." "It wasn't really a mainframe hack ... whatever." If your CEO was standing in front of
the press explaining how your company let x million credit card numbers go astray, would it matter HOW they got
into your mainframe, or only that they DID?" If your mainframe is vulnerable to a USS hack, or a shared
Windows password, or whatever, you need to fix THAT, or risk having to explain to your CEO why he got fired (like
Target's) for letting all those credit card numbers go astray.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bill Johnson
Sent: Sunday, May 5, 2019 10:00 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: mainframe hacking "success stories"?
Wasn’t really a mainframe hack. It was a laptop hack that acquired legitimate
mainframe credentials.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
