W dniu 2019-05-07 o 21:33, ITschak Mugzach pisze:
There are ways to collect IDs that might be used to penetrate the
mainframe:
- users defined to UADS but not to RACF.
I properly managed system UADS-only user cannot even succesfully logon.
However it is not a problem since in properly configured system it is
absolutely prohibited to have such users.
- IBMUSER is active and password wasn't changed.
Another example for elementary human mistake, not a proof for platform leak.
- Users assigned to products. until x/os 2.2, if no password assigned,
the password was the default group (TX ibm for fixing that). userid's can
be guessed.
Another example for elementary human mistake, not a proof for platform leak.
- old os versions used to have some TSOxx userid's.
Another example for elementary human mistake, not a proof for platform leak.
- without naming a product, -( the uss directories and logs of some
password sync and governance solutions are not protected.
???
and some other techniques that can't be described here. In short, there are
ways.
Typical. I know, but I can't tell you, however trust me, there are ways.
No.
--
Radoslaw Skorupka
Lodz, Poland
======================================================================
Jeśli nie jesteś adresatem tej wiadomości:
- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza)
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać
karze.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st.
Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237,
NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na
01.01.2018 r. wynosi 169.248.488 złotych.
If you are not the addressee of this message:
- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have
printed out or saved).
This message may contain legally protected information, which may be used
exclusively by the addressee.Please be reminded that anyone who disseminates
(copies, distributes) this message or takes any similar action, violates the
law and may be penalised.
mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. District Court for the Capital
City of Warsaw, 12th Commercial Division of the National Court Register, KRS
0000025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN
169,248,488 as at 1 January 2018.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN