Bad Auditor Requests (Was Re: Hardware Alerts)
My favorite was an auditor that wanted a printout of our /etc/passwd. This was a VM/SP system. When we stopped laughing at him and told him we didn't have such security holes, he went away. /Tom Kern On Wed, 21 May 2008 10:32:27 -0400, Daniel McLaughlin <[EMAIL PROTECTED]> wrote: >One of my favorite requests was for a vendor doing a conversion. He wanted >all the passwords for user accounts in RACF. After being told three times >that it was encrypted and not obtainable he went away muttering. > >Daniel McLaughlin -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Bad Auditor Requests (Was Re: Hardware Alerts)
> -Original Message- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Kern > Sent: Wednesday, May 21, 2008 10:52 AM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Bad Auditor Requests (Was Re: Hardware Alerts) > > My favorite was an auditor that wanted a printout of our > /etc/passwd. This > was a VM/SP system. When we stopped laughing at him and told > him we didn't > have such security holes, he went away. > > /Tom Kern What? You didn't give him your USER DIRECT? -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Bad Auditor Requests (Was Re: Hardware Alerts)
Our instructions were to give them EXACTLY what they ask for or nothing. If he had asked in a more general way for a listing of user definitions, I would have prepared a sanitized USER DIRECT, but he was explicit and insistent on getting /etc/passwd. That was what was on his unix checklist. /Tom Kern On Wed, 21 May 2008 10:54:49 -0500, McKown, John <[EMAIL PROTECTED]> wrote: >> -Original Message- >> >> My favorite was an auditor that wanted a printout of our >> /etc/passwd. This >> was a VM/SP system. When we stopped laughing at him and told >> him we didn't >> have such security holes, he went away. >> >> /Tom Kern > >What? You didn't give him your USER DIRECT? > >-- >John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Bad Auditor Requests (Was Re: Hardware Alerts)
Long ago I was brought in to help the consulting company where I worked audit a government agency's VM system. The agency was running multiple levels of classified work under VM, claiming it was secure. The folks doing the security audit wanted to talk about all sorts of technical penetrations but I suggested something simpler: Look at Execs on public system disks, see what minidisks they linked to, examine what was on those disks, look for more Execs with links, rinse, repeat, etc. A couple days later they put a printout of the system directory on the director's desk with a note that security wasn't as tight as claimed. Don't neglect the ability of morons to make a secure system insecure... Thomas Kern said: My favorite was an auditor that wanted a printout of our /etc/passwd. This was a VM/SP system. When we stopped laughing at him and told him we didn't have such security holes, he went away. -- Gabriel Goldberg, Computers and Publishing, Inc. (703) 204-0433 3401 Silver Maple Place, Falls Church, VA 22042[EMAIL PROTECTED] -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html