On Monday, 10/08/2007 at 05:05 EDT, Marty Zimelis <[EMAIL PROTECTED]> wrote:
> Lionel,
>    "Old news?"  You really ought to read this stuff before forwarding links to
> it.  In the very first paragraph (after the intro), they show a line-mode log
> on to VM/370 and make reference to 43xx and 30xx processors.  This material is
> 30+ years old.

It may be 30+ years old and may have some antique references, but those 
prompts are still in the system and appear on a linemode telnet session. 
The password overlay in linemode hasn't worked properly, of course, since 
CRTs came onto the scene.  I suppose I should turn my attention to it one 
of these days....

The system weaknesses it talked about:
- Allowing passwords on the LOGON and LINK command lines rather than 
unconditionally requiring a prompt when entered from the console.
- Differentiating between a user that does not exist and an incorrect 
password during LOGON
- Allowing the DIAL command without prior authentication
all still exist.

But the true gems in it are about human behavior: Failure to change the 
default passwords, failure to use an ESM to eliminate the need for 
minidisk passwords, failure to reject trivial passwords, failure to set a 
low number for lockout of a userid due to excessive invalid passwords 
within some time interval, putting mdisk passwords in EXECs, and so on. 
Most of those technology cannot fix.

Alan Altmark
z/VM Development
IBM Endicott
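
An added example, not part of the original post: a small scanner for the "mdisk passwords in EXECs" habit named above, flagging quoted LINK commands that carry a literal password. It assumes the CP LINK operand order `LINK [TO] userid vdev1 [AS] vdev2 [mode [[PASS=]password]]`; the function names and the sample EXEC are constructed for illustration.

```python
import re

# Assumed syntax: LINK [TO] userid vdev1 [AS] vdev2 [mode [[PASS=]password]]
MODES = {"R", "RR", "W", "WR", "M", "MR", "MW", "SR", "SW", "SM", "ER", "EW"}
VDEV = re.compile(r"[0-9A-F]{1,4}")
LITERAL = re.compile(r"'([^']*)'|\"([^\"]*)\"")  # quoted REXX command strings


def link_password(tokens):
    """Return (userid, vdev1) if tokens hold a LINK with an inline password."""
    if "LINK" not in tokens:
        return None
    ops = tokens[tokens.index("LINK") + 1:]
    if ops[:1] == ["TO"]:
        ops = ops[1:]
    if len(ops) < 2:
        return None
    userid, vdev1, rest = ops[0], ops[1], ops[2:]
    if rest[:1] == ["AS"]:
        rest = rest[1:]
    # A password can only follow vdev2 and an access mode.
    valid = len(rest) >= 2 and VDEV.fullmatch(vdev1) and VDEV.fullmatch(rest[0])
    if not valid or rest[1] not in MODES:
        return None
    password = "".join(rest[2:]).replace("PASS=", "", 1)
    return (userid, vdev1) if password else None


def scan_exec(source):
    """Return [(line_no, userid, vdev1)]; the password itself is never echoed."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        # Only quoted literals are checked; a variable appended outside the
        # quotes (line 4 of the sample) is not a password stored in the EXEC.
        for single, double in LITERAL.findall(line):
            hit = link_password((single or double).upper().split())
            if hit:
                findings.append((line_no, *hit))
    return findings


# Constructed sample EXEC, not taken from any real system.
SAMPLE_EXEC = """/* PROFILE EXEC (constructed sample) */
'CP LINK MAINT 190 120 RR'
'CP LINK TO PAYROLL 191 AS 291 MR PASS= SECRET1'
"CP LINK TOOLS 0192 392 RR" readpw
'CP LINK OPERATNS 193 393 RR OPER'
"""

if __name__ == "__main__":
    print(scan_exec(SAMPLE_EXEC))
```

Findings report only the line number, owner and device so the scan output does not become another place where the passwords are stored.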
