Nick, I am focusing on IBM WebSphere MQ security at the moment. One of the most common platforms that this runs on is OS/390 or z/OS. Since WMQ can be compromised if the OS is compromised, I am interested in any penetration test methods or weaknesses that exist in 'big box' security. I would like to put together an attack tree for z/OS or OS/390 and understand the vulnerabilities of these systems. I would appreciate it for would forward anything you find to me or any really good URLs.
Kind Regards Steve ------------------------------ Steven Lane Information Security Consultant Alphacourt Limited Email: [EMAIL PROTECTED] www: http://www.alphacourt.com ------------------------------- -----Original Message----- From: visigoth [mailto:[EMAIL PROTECTED]] Sent: 30 January 2003 03:09 To: Nick Jacobsen Cc: [EMAIL PROTECTED] Subject: Re: z/OS, OS/390 Pen testing tips/ideas/papers? On Tue, Jan 28, 2003 at 05:24:22AM -0800, Nick Jacobsen wrote: > Hi all, > One of my clients has an IBM OS/390 running on one of their networks I > am doing some security testing on, and considering I really have not dealt > with any IBM mainframes before when it comes to security, I was hoping that > some of you might be able to point me the right direction. Anything would > be helpful, but especially from a penetration viewpoint. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
