date:20130105

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread Ed Finnell

"Call us if you don't get this message?"
 
 
In a message dated 1/5/2013 6:10:28 P.M. Central Standard Time,  
walt.farr...@gmail.com writes:

If  that's not happening for you I suggest checking your settings  the

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread Shmuel Metz (Seymour J.)

In
,
on 01/04/2013
   at 01:35 PM, Peter Relson  said:

>It is somewhat alarming that several posted that they are not 
>signed up for the security portal. Someone also posted that they 
>are signed up for red alerts and asked why it was not sent that 
>way.

Are there sensitive data in the security portal? If so, why? If not,
why not include the security alerts in the red alerts?

-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 Atid/2
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread Shmuel Metz (Seymour J.)

In ,
on 01/03/2013
   at 09:35 PM, "Staller, Allan"  said:

>Security/Integrity information is now specifically restricted to
>registered users of Resource Link.

Does that mean that they are more strict about handing out details, or
less strict? Specifically, when a customer creates an ETR for a
security problem and requests that the details not be included in the
publicly accessible data, will IBM now hand those data out to non-IBM
users of Resource Link?

-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 Atid/2
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Grant permission for TSO Account command

2013-01-05 Thread Shmuel Metz (Seymour J.)

In
,
on 01/03/2013
   at 08:04 PM, Angel Tamayo  said:

>I'm migrating to zOS 1.11 from an unsupported zOS level, I defined a
>new SYS1.BRODCAST and now I'm trying to format and synchronize but I
>got COMMAND NOT AUTHORIZED FOR userid.

Are you using UADS or TSO segments? Did you carry over all of your
profiles from the old RACF data base? What's in your IKJTSOxx?
 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see  
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread Walt Farrell

On Sat, 5 Jan 2013 16:24:34 +0100, R.S.  wrote:
>BTW: I'm signed to both portals. Redalert is better, because it notifies 
>me by email about news (no details in the mail AFAIR), but security 
>portal does not send notifications. Maybe this is matter of some 
>personalization?

My understanding when we set up the security portal was that it would send 
email to notify you of changes, Radoslaw. If that's not happening for you I 
suggest checking your settings there.

-- 
Walt

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Products to produce/modify AFP resources for use on z

2013-01-05 Thread Roger Bolan

Yes.  I agree with that recommendation.  One of the links I gave earlier
was to
http://www.infoprint.com/internet/ipww.nsf/vwWebPublished/sw_create_en#h1
and if you scroll down on that page, you will find the Elixir Design Pro
Tools in the list of products for creating and managing AFP resources and
data streams.
--Roger


On Thu, Dec 20, 2012 at 5:17 AM, Gilbert Cardenas <
gilbertcarde...@grocerybiz.com> wrote:

> Hi Linda, we are a Xerox shop and the product we use is called Elixir
> Design Pro Tools.  It falls in the low cost category.
> It's not free but not terribly expensive either.  I believe they have an
> AFP module.  I'm not sure what the cost comparison is between the Xerox and
> AFP modules are though.
> http://www.elixir.com/DesignPro-Tools.html
> It allows us to create/modify forms, fonts, graphics.
>
> Regards,
> Gil.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Does Anyone Have Tape Drives

2013-01-05 Thread Eric Bielefeld


I quoted below a part of an email, and changed the subject.

Barbara - are you saying that very few have tape drives anymore, or just 
people with ADCD systems?  I know most of the systems I work with have tape 
drives, but not all.


There is one database I load for a customer every other month.  It's a 
database of all the name and addresses of everyone in the US that companies 
use for their advertising I assume.  The company that makes it said in the 
middle of last year that they weren't going to send tapes anymore.  The 
database is 2 3590 tapes, so it is pretty large.  I tried several times 
downloading the database to my laptop and FTPing it to the client.  I could 
never get it to work!  After opening a problem with the vendor of the 
database, and much discussion, they said that for mainframes they would 
still send tapes.  What a relief.  I NEVER have problems loading tapes.


I can see tapes not being used for a small account, but I can't imagine them 
not being used for larger accounts.  I have to believe its cheaper to back 
up to tape than to DASD, and also a lot safer.  If the dasd is in the same 
room, if a disaster occurs, its gone too.  If its elsewhere, you need really 
high speed lines, plus updates are a lot slower.  Tapes can be cheaply 
shipped off site and stored in a hopefully secure vault.


Just curious if tapes are in general going away.

Eric Bielefeld
Sr. Systems Programmer


- Original Message - 
From: "ibmmain" 

Subject: Re: FTP "ERRORS" [was: RACF on an ADCD system]


Our ADCD system certainly does not have tape drives (does anyones'?), so all 
ftp went DASD to DASD, with the receiving dataset preallocated. I realize 
that having no tape drives doesn't mean the support wouldn't be in 1.13.



Barbara


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread Steve Comstock


On 1/5/2013 8:24 AM, R.S. wrote:

I agree that every z/OS customer should be signed up for both portals, but...
HOW CUSTOMER WOULD LEARN ABOUT IT?

Let's imagine: a comany buys mainframe, hire people, the people get some
trainigng (JCL, z/OS, SMP/E, many, many more...). Those people are wiling to
learn, to they read documentation and start using mainframe.
WHO SHOULD TELL THEM ABOUT THOSE PORTALS?

I think it is up to IBM to urge every customer to sign up some employees to the
portals. I repeat: EVERY customer.

Everytime I hear "you should know this" I ask "did I have a chance to know it?".


BTW: I'm signed to both portals. Redalert is better, because it notifies me by
email about news (no details in the mail AFAIR), but security portal does not
send notifications. Maybe this is matter of some personalization?


BTW2: We still don't know details about the security hole, but it must be BIG
HOLE, because of methods of communication which were used according to notify
customers about those holes.
Mails, phones, only heralds were not engaged (yet) ;-)))

Regards



Well, one problem is there is no longer a monolithic "IBM salesman"
staff. All but the largest customers are handled by a handful of
resellers with, I am sure, varying amounts of savy about these
portals, so the word could easily fall through the cracks at that
point.


--

Kind regards,

-Steve Comstock
The Trainer's Friend, Inc.

303-355-2752
http://www.trainersfriend.com

* To get a good Return on your Investment, first make an investment!
  + Training your people is an excellent investment

* Try our tool for calculating your Return On Investment
for training dollars at
  http://www.trainersfriend.com/ROI/roi.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread Ed Gould


R.S.

I agree however and here is always the maybe there *ARE* small shops  
out there that do not have email/browser capability. Heck maybe they  
don't have access to outside of the shop email/browser. How does IBM  
propose to handle those? I heard of one shop where IBM never visits  
so even word of mouth doesn't occur.

Ed

On Jan 5, 2013, at 9:24 AM, R.S. wrote:

I agree that every z/OS customer should be signed up for both  
portals, but... HOW CUSTOMER WOULD LEARN ABOUT IT?


Let's imagine: a comany buys mainframe, hire people, the people get  
some trainigng (JCL, z/OS, SMP/E, many, many more...). Those people  
are wiling to learn, to they read documentation and start using  
mainframe.

WHO SHOULD TELL THEM ABOUT THOSE PORTALS?

I think it is up to IBM to urge every customer to sign up some  
employees to the portals. I repeat: EVERY customer.


Everytime I hear "you should know this" I ask "did I have a chance  
to know it?".



BTW: I'm signed to both portals. Redalert is better, because it  
notifies me by email about news (no details in the mail AFAIR), but  
security portal does not send notifications. Maybe this is matter  
of some personalization?



BTW2: We still don't know details about the security hole, but it  
must be BIG HOLE, because of methods of communication which were  
used according to notify customers about those holes.

Mails, phones, only heralds were not engaged (yet) ;-)))

Regards
--
Radoslaw Skorupka
Lodz, Poland







W dniu 2013-01-04 19:35, Peter Relson pisze:
It is somewhat alarming that several posted that they are not  
signed up
for the security portal. Someone also posted that they are signed  
up for

red alerts and asked why it was not sent that way.

As I understand it, a red alert was sent out (perhaps this past July)
stating that the method for sending and alerting about security and
integrity PTFs is via the security portal. Simply, the security  
portal is

the red alert process for security and integrity PTFs.

Perhaps I am oversimplifying, but it seems that every customer  
should make

sure that they
-- are signed up for red alerts
-- pay attention to those red alerts
-- sign up for the security portal.
This should not be new news.

It should be well understood that z/OS provides few if any details on
integrity APARs.

The PTFs were available via the security portal on December 20. I  
have no
information about why they were not found the day after Christmas  
when

someone looked at  www.ibm.com/support.
But I'm glad to hear they are there now.

Peter Relson
z/OS Core Technology Design

- 
-

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM- 
MAIN






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione  
Banku przeznaczone wycznie do uytku subowego adresata.  
Odbiorc moe by jedynie jej adresat z wyczeniem dostpu osób  
trzecich. Jeeli nie jeste adresatem niniejszej wiadomoci lub  
pracownikiem upowanionym do jej przekazania adresatowi,  
informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie  
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i  
moe by karalne. Jeeli otrzymae t wiadomo omykowo, prosimy  
niezwocznie zawiadomi nadawc wysyajc odpowied oraz trwale  
usun t wiadomo wczajc w to wszelkie jej kopie wydrukowane  
lub zapisane na dysku.


This e-mail may contain legally privileged information of the Bank  
and is intended solely for business use of the addressee. This e- 
mail may only be received by the addressee and may not be disclosed  
to any third parties. If you are not the intended addressee of this  
e-mail or the employee authorised to forward it to the addressee,  
be advised that any dissemination, copying, distribution or any  
other similar activity is legally prohibited and may be punishable.  
If you received this e-mail by mistake please advise the sender  
immediately by using the reply facility in your e-mail software and  
delete permanently this e-mail including any copies of it either  
printed or saved to hard drive.
BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829  
00 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego  
Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP:  
526-021-50-88. Wedug stanu na dzie 01.01.2013 r. kapita  
zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.555.904  
zotych.



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@li

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

2013-01-05 Thread R.S.

I agree that every z/OS customer should be signed up for both portals,
but... HOW CUSTOMER WOULD LEARN ABOUT IT?

Let's imagine: a comany buys mainframe, hire people, the people get some
trainigng (JCL, z/OS, SMP/E, many, many more...). Those people are
wiling to learn, to they read documentation and start using mainframe.

WHO SHOULD TELL THEM ABOUT THOSE PORTALS?

I think it is up to IBM to urge every customer to sign up some employees
to the portals. I repeat: EVERY customer.

Everytime I hear "you should know this" I ask "did I have a chance to
know it?".

BTW: I'm signed to both portals. Redalert is better, because it notifies
me by email about news (no details in the mail AFAIR), but security
portal does not send notifications. Maybe this is matter of some
personalization?

BTW2: We still don't know details about the security hole, but it must
be BIG HOLE, because of methods of communication which were used
according to notify customers about those holes.

Mails, phones, only heralds were not engaged (yet) ;-)))

Regards
--
Radoslaw Skorupka
Lodz, Poland

W dniu 2013-01-04 19:35, Peter Relson pisze:

It is somewhat alarming that several posted that they are not signed up
for the security portal. Someone also posted that they are signed up for
red alerts and asked why it was not sent that way.

As I understand it, a red alert was sent out (perhaps this past July)
stating that the method for sending and alerting about security and
integrity PTFs is via the security portal. Simply, the security portal is
the red alert process for security and integrity PTFs.

Perhaps I am oversimplifying, but it seems that every customer should make
sure that they
-- are signed up for red alerts
-- pay attention to those red alerts
-- sign up for the security portal.
This should not be new news.

It should be well understood that z/OS provides few if any details on
integrity APARs.

The PTFs were available via the security portal on December 20. I have no
information about why they were not found the day after Christmas when
someone looked at www.ibm.com/support.
But I'm glad to hear they are there now.

Peter Relson
z/OS Core Technology Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is intended solely for business use of the addressee. This e-mail may only be received by the addressee and may not be disclosed to any third parties. If you are not the intended addressee of this e-mail or the employee authorised to forward it to the addressee, be advised that any dissemination, copying, distribution or any other similar activity is legally prohibited and may be punishable. If you received this e-mail by mistake please advise the sender immediately by using the reply facility in your e-mail software and delete permanently this e-mail including any copies of it either printed or saved to hard drive.

BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00 00, fax
+48 (22) 829 00 33, www.brebank.pl, e-mail: i...@brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237, NIP: 526-021-50-88.
Wedug stanu na dzie 01.01.2013 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.555.904 zotych.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

$AVRS QUESTION - RETAINING SCREEN VALUES

2013-01-05 Thread John Dawes

G'Day & a Happy New Year to all,
 
Can anybody tell me how I can retain the vaules I entered in the selection 
criteria?  For example in the  EXTENDED DATE Date Filters Date in the Start 
Date I entered *.  This works, however when I hit PF3 and get back in again I 
lose that input.  For some reason in the Primary Filters  Name (JOBNAME- 
DE0P08*) is saved however in the START (EXTENDED DATE) the * disappears after I 
exit and get back in.
 
Below is an example:
-$AVRS (C) 1982,2008 CSI  PRIMARY CONTROL PANEL  REL 5.2A-07   
COMMAND ===>   
QUEST DIAGNOSTICS    S A V E  I T  W I T H  $AVRS  
   
Primary Filters:   
 NAME    ==> DE0P08*  THRU: ==> SYSLOG ID ==>  
 TYPE    ==> JN SYSTEM ID ==>  
 NUMBER  ==>   
Date Filters:_DATEEXTENDED DATE___TIMEHH:MM
 SYSTEM   SAT 05 JAN 2013.005 07:50    
 START   ==>    ==>  
 END ==>  ==>  
Other Filters:_
 SELECT RULE ==>    MSGCLASS  ==>  
 RETURN CODE ==>    ACK CODE  ==>  
 PGMER NAME  ==>   
Other Controls:
 SORT FIELD  ==>    RANGE ==>  (Y/N)   
 SORT A/D    ==> A  CONF DELS ==> Y    (Y/N)  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: DFSMRCL0 usermod - was: I broke it

2013-01-05 Thread Robert S. Hansel (RSH)

Peter,

Suggest to the ADCD owners that they make an IRRDBU00 unload of the RACF 
database and then run the IRRRID00 Remove ID utility with the unload as input 
to find and remove references to deleted users and groups. Instructions, 
examples, guidelines, and tips for running these utilities are provided in our 
presentation "RACF Utilities", available on our website via the RACF Center 
webpage.

Also suggest the them that they run ICHDSM00 (a.k.a. DSMON) to identify system 
datasets that may not be properly protected and incomplete STARTED profiles. 
The aforementioned presentation has information on DSMON.

Further suggest to them that they make an IRRHFSU unload of the entire Unix 
file system and examine the results to identify orphaned Owner UIDs and Group 
GIDs. Information for obtaining and running the IRRHFSU utility are provided in 
our presentation "IRRHFSU", also available on our website. This presentation 
includes a sample ICETOOL report for finding orphaned IDs.

If the ADCD owners have any problems or questions when trying to run the 
reports or need help interpreting the results, have them contact me directly. 
We have use of an ADCD system in Dallas, so helping them clean this up would 
benefit us as well.

Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel 
www.rshconsulting.com 
-
2013 RACF Training
- Securing z/OS UNIX  - WebEx - JAN 15-17
- Intro & Basic Admin - WebEx - FEB 4-8
- Audit for Results   - Boston - APR 24-26
- Intro & Basic Admin - Boston - MAY 21-23
- Securing z/OS UNIX  - WebEx - JUL 23-25
-

-Original Message-
Date:Fri, 4 Jan 2013 08:13:24 -0500
From:Peter Relson 
Subject: Re: DFSMRCL0 usermod - was: I broke it

The ADCD owners confirm that they do now have plans to run IBM 
HealthChecker for z/OS against the ADCD (at least for the newer releases 
of z/OS that they support). Whether that was a direct result of this 
thread or not, I am not sure. It remains to be seen how much they take 
advantage of the exceptions that initially are reported. 

Once that is underway, I expect, at least, that the DFSMRCL0 usermod will 
not be applied when a z/OS 1.13 ADCD system is subsequently built. I 
mention 1.13 only because that is the release where the HC of IEAVTRML is 
introduced and thus that is the release where the presence of DFSMRCL0 
usermod would be flagged. Quite possibly they will be able to apply that 
"knowledge" to earlier releases that have IMS V9 or later (that being the 
release where the need for DFSMRCL0 went away, and knowing that earlier 
IMS versions are no longer supported).

If any of you care to "contribute" by running HC yourself on the ADCD 
system and reporting things that both are flagged as exceptions and that 
in all likelihood would help just about the entire ADCD community to have 
changed, feel free to send me a note (but not that IEAVTRML one, please!). 
I mention the "entire ADCD community" only because I can imagine some 
exception situations being left alone in order to accommodate a subset of 
users who might need the flagged behavior. I have no specific examples of 
such things with respect to ADCD.

I do also have hope that some information would accompany the 
distribution, setting the "expectation" for what exceptions one might see 
if running HC.

Peter Relson
z/OS Core Technology Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

Re: Grant permission for TSO Account command

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

Re: Products to produce/modify AFP resources for use on z

Does Anyone Have Tape Drives

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

Re: Security vulnerability in IBM HTTP Server for z/OS Version 5.3 (PM79239)

$AVRS QUESTION - RETAINING SCREEN VALUES

Re: DFSMRCL0 usermod - was: I broke it

12 matches

Site Navigation

Mail list logo

Footer information