Re: Program FLIH

2012-02-24 Thread Staffan Tylén
I'm shocked. Staffan On Fri, Feb 24, 2012 at 4:59 AM, Tony Harminc wrote: > On 23 February 2012 21:12, Hall, Keven wrote: > > The hook that Bill discovered is the same one I'm referring to. After I > > found it I there was some discussion about disabling it to see what > > might shake out bu

Re: Program FLIH

2012-02-24 Thread Martin Truebner
>> I'd prefer to not name names. << But it is out in the public already- Here is the story - a certain well-known German (now doing what GSF did before) and I were talking in a sauna of a hotel in (I forgot the city) about how to hack an MVS system I found with the URL ending with nyc.org. That s

Re: Program FLIH

2012-02-24 Thread John Gilmore
I did not make the discovery; and I will therefore respect, for now at least, the discoverer's decision not to make the miscreant's name public. I believe, however, that this name should be made public. This information should not be confined to the priesthood Trapdoors are not new, and I suspect t

Re: Program FLIH

2012-02-24 Thread Edward Jaffe
On 2/24/2012 5:43 AM, John Gilmore wrote: There had been a tacit assumption that notionally respectable ISVs do not do such things. That assumption has been undermined, and even responsible ISVs will now have to spend time and energy reassuring their customers that they are not guilty too. They

Re: Program FLIH

2012-02-24 Thread Ray Mullins
SAG did get rid of their famous one about 17 years ago, though. :) On 2012-02-23 17:37, Gibney, Dave wrote: Haven't looked, since I have Software AG, BMC, CA, SYNCSORT, LRS plus a few others, is it likely I will find it ? :) Dave Gibney Information Technology Services Washington State Unive

Re: Program FLIH

2012-02-24 Thread Paul Gilmartin
On Feb 24, 2012, at 08:01, Edward Jaffe wrote: > On 2/24/2012 5:43 AM, John Gilmore wrote: >> There had been a tacit assumption that notionally respectable ISVs do >> not do such things. That assumption has been undermined, and even >> responsible ISVs will now have to spend time and energy reass

Re: Program FLIH

2012-02-24 Thread Mike Shaw
On Fri, Feb 24, 2012 at 8:43 AM, John Gilmore wrote: > > I believe, however, that this name should be made public. This > information should not be confined to the priesthood > John, The name of the offending ISV can be inferred if you read the text of each post in this thread carefully... --

Re: Program FLIH

2012-02-24 Thread Gibney, Dave
What I don't understand, pardon my "naifness" (split the thread John:), is the need for such today. When any of the vendors I named instruct me so, I dutifully APF their libraries and they often reside in the linklist which we at least do set APF via IEASYSxx. Why a secret authority chang

Re: Program FLIH

2012-02-24 Thread Mike Shaw
On Fri, Feb 24, 2012 at 12:54 PM, Gibney, Dave wrote: > What I don't understand, pardon my "naifness" (split the thread John:), > is the need for such today. > When any of the vendors I named instruct me so, I dutifully APF their > libraries and they often reside in the linklist which we at lea

Re: Program FLIH

2012-02-24 Thread Edward Jaffe
On 2/24/2012 9:51 AM, Mike Shaw wrote: On Fri, Feb 24, 2012 at 8:43 AM, John Gilmore wrote: I believe, however, that this name should be made public. This information should not be confined to the priesthood John, The name of the offending ISV can be inferred if you read the text of each po

Re: Program FLIH

2012-02-24 Thread Rob Scott
The point is exactly that - THERE IS NO NEED - given today's available facilities in z/OS. However, if this ISV has been around for a while and this hook has existed for as many years then it is likely that quite a few software products will have inherited it. The development cost of repla

Re: Program FLIH

2012-02-24 Thread John Gilmore
Edward Jaffe wrote: I think John meant PUBLIC--as opposed to known among a small minority, including those involved in this discussion. I did. I know very well who the culprit is. I have also been chided for failing to provide an apposite quotation. Here then is one: C'est pire qu'un crime,

Program FLIH - Burmc reputation risk

2012-02-24 Thread Kirk Talman
The message below is one of a set of messages on a topic relating to the security of the zOS operating system. Based on my knowledge of the internals of the operating system, I would say there exists, at minimum, a reputation risk if it were known that Tsys had installed software from a vendor

Re: Program FLIH

2012-02-24 Thread Tony Harminc
Some further observations on this situation. On naming the perpetrator: It is easy to sound like one of a gaggle of pompous and self important journalists who all know some nasty little secret or piece of gossip, but have appointed themselves gatekeepers of the news and are unwilling to publish. B

Re: Program FLIH

2012-02-24 Thread retired mainframer
:>: -Original Message- :>: From: IBM Mainframe Assembler List [mailto:ASSEMBLER- :>: l...@listserv.uga.edu] On Behalf Of Tony Harminc :>: Sent: Friday, February 24, 2012 2:56 PM :>: To: ASSEMBLER-LIST@LISTSERV.UGA.EDU :>: Subject: Re: Program FLIH snip :>: It seems to me that, apart from

Re: Program FLIH

2012-02-24 Thread John Gilmore
Tony has provided us with a valuable summary. His view is not, however, mine. I do not think that the issue is one of misuse by the putative culprit. I am not aware of any suggestion that he has misused this device in any way, and I do not think that it would be in his interest to do so. The is

Re: Program FLIH

2012-02-24 Thread Shane G
And (given the discussion so far) you feel no qualms about handing the keys of the realm to any and all persons of unknown (programming) quality/probity ?. I have harped on about this for years elsewhere, and keep getting beaten down as "unjustified" (that was the politest synonym I could come up

Re: Program FLIH

2012-02-24 Thread Paul Gilmartin
On Feb 24, 2012, at 15:56, Tony Harminc wrote: > > It seems to me that, apart from the eagle eyed Keven Hall, the parties > who must know that this code is installed at many sites are its > provider, and, by virtue of the unequalled number of dumps it receives > from its customers, IBM. That IBM ha