1964? What is the 7090, chopped liver?
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Bill Johnson <00000047540adefe-dmarc-requ...@listserv.ua.edu> Sent: Monday, May 6, 2019 8:21 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Read up. https://secure-web.cisco.com/1Ek9Ay2eea5LMyHGSr_VI0lyNAf1W-23MmrrCjkI3sDnySsBU6IfTzOti5Ei3oq3bKwmnrM1BjsWwe2CFkEGM5mcVxDN9VlsXVTyK-vvRwSNT1crAxZ-qd4W23tb7AAaj1olsa1Z_CJikpLITtzS5j5Uc6FHGAWXJMgRqJfj98g4uo01j3uxWurqq_TpAqZtGgJf6AJkLsKF4bn4zEWkLU7M0OA9Yap0M9BM416WaZIyen9fc5JAhYA3_G_DhpgtS946GQlj8ZiZzE4dcG3hKoy8thlu0pTA2BHzUkbyFMX1uyCOHLJZikq_AtDbQNUp4g6Z0iqxTu3hWF3gs2NkeH8jQ2OicLiLJv7KgjVKb0XXsH-y74Z9uk5uAM108uMXqlbsyl8aoYSLJIherjwr_qrDGmBJwVylXy7b6tfb727hXlqCtNFJRuFV6Ei7g1ue8/https%3A%2F%2Fwww.allerin.com%2Fblog%2Fwhy-do-banks-still-use-mainframes Sent from Yahoo Mail for iPhone On Monday, May 6, 2019, 4:23 PM, ITschak Mugzach <imugz...@gmail.com> wrote: No. It has nothing to do with security. It is a lagend. Penetrated all my clients. The reason is convertion complexity, tco and simplicity. Security, in a nut shell is what your sysprog does. Only few security guys left to guide them. בתאריך יום ב׳, 6 במאי 2019, 23:18, מאת Bill Johnson < 00000047540adefe-dmarc-requ...@listserv.ua.edu>: > It’s why banks stay on the mainframe. Security. > > > Sent from Yahoo Mail for iPhone > > > On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls < > mainfr...@bigendiansmalls.com> wrote: > > Bill, would you care to back that sweeping generalization up with some > detail? > > > On May 6, 2019, at 22:06, Bill Johnson < > 00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > > > > Completely different. Hacking Microsoft is way easier. > > > > > > Sent from Yahoo Mail for iPhone > > > > > > On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls < > mainfr...@bigendiansmalls.com> wrote: > > > > Which is how 80% of all the hacks today start. Find purchase and > advance your position. This is how the game is played. It was as classic of > a hack as anything today. > > > >> On May 6, 2019, at 21:43, Bill Johnson < > 00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > >> > >> Still never would have occurred without a valid userid. > >> > >> > >> Sent from Yahoo Mail for iPhone > >> > >> > >> On Monday, May 6, 2019, 3:18 PM, Charles Mills <charl...@mcn.org> > wrote: > >> > >> No. > >> > >> From the link you cite: > >> > >> "According to various sources, the hackers succeeded in finding (and > exploiting) at least 2 previously unknown errors enabling them to raise > their authorisations in the system. One of them was an error in an IBM HTTP > server and the other one was an error in the CNMEUNIX file, which in the > default configuration has SUID 0 authorisations (which means that by > leveraging on the errors it contains, one is able to execute commands with > the system administrator’s authorisations)." > >> > >> His "user" access to InfoTorg was not a problem for the mainframe. (It > was a problem for the MPAA lawyer whose account he accessed, but not for > the mainframe in general.) The above mainframe security vulnerability was. > >> > >> Charles > >> > >> > >> -----Original Message----- > >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Bill Johnson > >> Sent: Monday, May 6, 2019 11:17 AM > >> To: IBM-MAIN@LISTSERV.UA.EDU > >> Subject: Re: mainframe hacking "success stories"? > >> > >> The Pirate Bay hack acquired a valid mainframe userid and password off > of a Microsoft laptop. In effect, not really a mainframe hack. He just > logged on. > https://secure-web.cisco.com/1dtkcrw3UvHDAtHJYgwJLS8NUA5haI3DOoWEHAzRQftl-uSTNSVRZ3xNHIrc5jRBOC5iDUNVz7uX3xQ-PwPmENDdlnSuTzgOMOISGCvKvXM2At3PZhxdNO_PDabkKbWBha9KqL4l89YHhfsaeUk1dUmHOI2aZYHdjbH_PCw0vv6YLKYtoIMk8iOYMAcQVmprdSagagmxYOUmWzjMxXMj4OfXk9QpJWh5PJyPhAlQI_1tB5oinEdbZBzzLVtgGYqGdLe02Ccp3ig2DbwWUWKIDv_2R3raHkIJRZ9ZsmzAFgqdFvOnMuH5_LfBzegcfKxIpNq_Rg-0KzkF18-0ajn2LhKTIsdRO_n9m1GFYbOVFZ8zbxT6wBxlCv9ZWEf9OxIOgTx2svjfkNyCPyDejRjD_K8AqBEwPKotd2V0dmmbHFwy3RVCrxlngG8oZ4aIASFU6/https%3A%2F%2Fbadcyber.com%2Fa-history-of-a-hacking%2F > >> > >> Sent from Yahoo Mail for iPhone > >> > >> > >> On Monday, May 6, 2019, 1:21 PM, Charles Mills <charl...@mcn.org> > wrote: > >> > >> #1: Noooooo. It was a legitimate mainframe hack (assuming you consider > USS a legitimate part of the mainframe, which it has been for 20 years or > so). It was an exploit of CGI buffer overrun. > >> > >> #2: It drives me nuts to hear mainframers explain away mainframe > breaches. "It wasn't really a mainframe hack, they got in through USS." "It > wasn't really a mainframe hack, they re-used a Windows password." "It > wasn't really a mainframe hack ... whatever." If your CEO was standing in > front of the press explaining how your company let x million credit card > numbers go astray, would it matter HOW they got into your mainframe, or > only that they DID?" If your mainframe is vulnerable to a USS hack, or a > shared Windows password, or whatever, you need to fix THAT, or risk having > to explain to your CEO why he got fired (like Target's) for letting all > those credit card numbers go astray. > >> > >> Charles > >> > >> > >> -----Original Message----- > >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Bill Johnson > >> Sent: Sunday, May 5, 2019 10:00 AM > >> To: IBM-MAIN@LISTSERV.UA.EDU > >> Subject: Re: mainframe hacking "success stories"? > >> > >> Wasn’t really a mainframe hack. It was a laptop hack that acquired > legitimate mainframe credentials. > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
