How was a mainframe breach detected? A TSOID trying to access a ton of files they didn't have access to.
(link to Share PDF 'how hackers breached a government (and a bank)' by Soldier of Fortran below.)
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=2ahUKEwj9qtK9kc7iAhUN-6wKHaMpAewQFjAAegQIABAC&url=https%3A%2F%2Fshare.confex.com%2Fshare%2F124%2Fwebprogram%2FHandout%2FSession16982%2FHow%2520Hackers%2520Breached%2520a%2520Government%2520(and%2520a%2520Bank).pdf&usg=AOvVaw1lvSNyZEIct1DU7WLqm4hY

On Mon, Jun 3, 2019 at 4:42 PM Seymour J Metz <sme...@gmu.edu> wrote:
>
> This whole thread has consistently confused several very different issues:
>
> 1. How secure is z/OS itself?
>
> 2. How secure is 3rd party software?
>
> 3. How secure is the typical shop running z/OS?
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> ________________________________________
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of
> Clark Morris <cfmt...@uniserve.com>
> Sent: Sunday, June 2, 2019 9:57 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Just how secure are mainframes? | Trevor Eddolls
>
> [Default] On 2 Jun 2019 14:46:41 -0700, in bit.listserv.ibm-main
> 00000047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>
> >He’s trying to sell his company’s security services. Something I thought was
> >not allowed on this list.
> >
> Whether or not he is selling something and I don't read his posts that
> way, he is making some valid points. As a retired MVS (I was back in
> applications by the time z/OS was available) systems programmer, I am
> far more skeptical about the invulnerability of z/OS. It is too easy
> to have decades old stuff still in a system in part because people
> don't know why it is there or are unaware of its existence. How much
> effort is required for an installation to achieve even 95 percent of
> the invulnerability that is theoretically possible and keep that up.
> How many holes are left in the average shop because people don't
> understand the implications of all of both IBM and vendor defaults
> where I will almost guarantee that there are at some defaults that
> leave a system open to hacking. I think that it is difficult to
> understand all of the implications of an action. Many shops may be
> running exits or other systems modifications that have worked for
> decades and because they work, no one has checked them to see if they
> have an unintended vulnerability. I hope that none of my code that is
> on file 432 of the CBT Tape (Philips light mods) has any vulnerability
> but the thing that scares me is that I might not be smart enough to
> find it even if I was looking for it. Good security isn't cheap. Z/OS
> may be the most secure starting base but it requires real effort to
> actually implement it with both good security and good usability. How
> much vulnerability is there in the test systems? How much are the
> systems programmer sandboxes exposed to the outside world? What
> uncertainties exist in systems vendor code? Are organizations willing
> or able to periodically test their systems' vulnerabilities? Can be
> secure does not mean is secure?
>
> Clark Morris
> >
> >
> >Sent from Yahoo Mail for iPhone
> >
> >
> >On Sunday, June 2, 2019, 4:04 PM, Seymour J Metz <sme...@gmu.edu> wrote:
> >
> >> * As part of a APF authorized product there is a SVC or PC routine
> >> that when called will turn on the JSBCAUTH bit
> >
> >Ouch!
> >
> >If it's APF authorized then why does it need to do that? And why would you
> >allow such a vendor in the door?
> >
> >Did you have a tool that discovered that the vendor's SVC turned on
> >JSCBAUTH, or did you have to read the code like the rest of us?
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?
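
The detection mentioned at the top of this message (one TSO user ID being denied on a large number of files) can be approximated by counting distinct resources per user in access-violation messages. The following is an added example, not part of the original post or the linked presentation; it assumes RACF ICH408I messages flattened to one line each, and the timestamp prefix, user IDs, data set names and thresholds are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One ICH408I violation per line; the leading ISO timestamp is an assumed layout.
ICH408I = re.compile(
    r"^(?P<ts>\S+) ICH408I USER\((?P<user>[^)]*)\).*\s(?P<res>\S+)\s+CL\(")

def make_msg(ts, user, dsn):
    """Build a constructed, flattened ICH408I line for the sample below."""
    return (f"{ts} ICH408I USER({user:<8}) GROUP(USERS   ) NAME(SAMPLE USER) "
            f"{dsn} CL(DATASET ) INSUFFICIENT ACCESS AUTHORITY "
            "ACCESS INTENT(READ   ) ACCESS ALLOWED(NONE   )")

# Constructed sample: one ID denied on six data sets in ten seconds, plus
# ordinary background noise from two other IDs.
SAMPLE = (
    [make_msg(f"2019-06-03T02:14:{s:02d}", "TSOU042", f"PAY.FILE{s}.DATA")
     for s in range(0, 12, 2)]
    + [make_msg("2019-06-03T09:00:00", "BATCH01", "PAY.MASTER"),
       make_msg("2019-06-03T15:30:00", "BATCH01", "PAY.MASTER"),
       make_msg("2019-06-03T09:05:00", "DEVUSR1", "SYS1.PARMLIB")]
)

def flag_sweeps(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {user: max distinct resources denied in any sliding window}
    for users reaching `threshold` distinct resources inside `window`."""
    events = defaultdict(list)
    for line in lines:
        m = ICH408I.match(line)
        if m:  # anything that is not an ICH408I line is ignored
            events[m["user"].strip()].append(
                (datetime.fromisoformat(m["ts"]), m["res"]))
    flagged = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the left edge so the window never exceeds `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {res for _, res in evs[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[user] = max(flagged.get(user, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    for user, count in flag_sweeps(SAMPLE).items():
        print(f"{user}: denied on {count} distinct resources within the window")
```

Counting distinct resources rather than raw denials keeps a batch job that fails repeatedly on the same data set from being flagged.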