There are two very different questions. 1. Is it safe to run multilevel security on this platform?
2. Is it safe to run multilevel security at this site? If the answer to the second question is no, then the answer to the first is irrelevant. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Gabe Goldberg <g...@gabegold.com> Sent: Wednesday, May 8, 2019 12:40 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Long ago I was asked for advice on proving that it was unsafe running multiple levels of classified material on VM, in a data center where the manager had -- of course -- insisted that it was. Whether or not that was true (and whether or not it could be proven), I suggested first experimenting with issues such as Tim mentions. Such as starting at the system S and Y disks (where IBM and installation system software, utilities, and tools lived), examining Execs for Link commands, and following them where they led. A few days later, the tester placed a printout of the -- unencrypted, with passwords -- system directory on the manager's desk. I don't know what followed but wonder if they were still allowed to run any classified work. Timothy Sipples <sipp...@sg.ibm.com> said: That said, I'm quite concerned (paranoid, even) because these wonderful security features so frequently either aren't implemented at all or are implemented badly, inconsistently. Also, unfortunately, there are far too many organizations running unsupported technologies with known security vulnerabilities, and there are even more that do not have reasonable, timely preventive maintenance programs that they execute consistently and well. -- Gabriel Goldberg, Computers and Publishing, Inc. g...@gabegold.com 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433 LinkedIn: http://secure-web.cisco.com/1nFG-F-LQeWf6Rjs_reP7vF8EPayKPR5DDz_cI7aCm7XzBKPavGdna_aPEB_qBXEWBAn0sA8lpu99iyBHpwSOUphAgj-cxbHdJQRt6lGDW_hh6nfq4PxzTuFC1sG9HOspjLCQE58qZPyRseIgJwQmHFsxvm0rTCkRW5uaGJGQq7bEep1qdUy62yvHf_O9LZe2tY3777p26cNp8LiJhkgiqu3xoMAaIAOy2uZpoxelbII3hKySBXdqhu1LW4DRfsUp--a2M239xvh9R3JK6-keXvkIefD4KZPnq3K_v0SMfctXfL5kLu7RTsFDjOGnzgfDrouqxgsVmBfkjqJeTypazohjI3x0Qvn1kVQ63tk_pdY4gQSi5bToFc2COU4RUXyK/http%3A%2F%2Fwww.linkedin.com%2Fin%2Fgabegold Twitter: GabeG0 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN