Re: Cobol malicious code lookup

2008-08-16 Thread Joel C. Ewing
It's only possible to automate what can be formally described. Unless a programmer conveniently comments his sections of "malicious" code as such, I can think of no criteria that would make "malicious" COBOL code (or code in any other language) readily distinguishable by manual or automatic sc

Re: Cobol malicious code lookup

2008-08-12 Thread Hal Merritt
nt: Monday, August 11, 2008 2:31 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Cobol malicious code lookup I know some products that check program complexity, and even those who look into specific command usage. But this time I am looking for a product to analyse mainframe traditional language (Cobol, PLI

Re: Cobol malicious code lookup

2008-08-11 Thread Brian Fitzgibbon
Pat Sorry about the previous response. I tend to agree with you - it can be a simple matter to "scan" for "known criteria". To find items (e.g. blowing an array in CICS transaction) - that would have other consequences would be a tough chore to handle. Regards Brian Fitzgibbon SEGUS Inc

Re: Cobol malicious code lookup

2008-08-11 Thread Brian Fitzgibbon
Pat, On Mon, Aug 11, 2008 at 3:59 PM, Patrick O'Keefe <[EMAIL PROTECTED]>wrote: > On Mon, 11 Aug 2008 17:12:57 +0200, Dr. Stephen Fedtke > <[EMAIL PROTECTED]> wrote: > > >... > >we are specialized in runtime-related z/OS malicious code detection, > and > >programcode scan for virus/malicious cod

Re: Cobol malicious code lookup

2008-08-11 Thread Patrick O'Keefe
On Mon, 11 Aug 2008 17:12:57 +0200, Dr. Stephen Fedtke <[EMAIL PROTECTED]> wrote: >... >we are specialized in runtime-related z/OS malicious code detection, and >programcode scan for virus/malicious code on load module level ... Interesting. Your system can determine intent just by reading loa

Re: Cobol malicious code lookup

2008-08-11 Thread Itschak Mugzach
Stephen, I looked into your site. It doesn't cover 3rd generation languages like Cobol. Is this true? Please supply a link. Regards, ITschak On 8/11/08, Dr. Stephen Fedtke <[EMAIL PROTECTED]> wrote: > > if malicious code is generally your concern, i apologize for recommend > reading "it sec fo

Re: Cobol malicious code lookup

2008-08-11 Thread Dr. Stephen Fedtke
if malicious code is generally your concern, i apologize for recommend reading "it sec forum" at www.enterprise-it-security.com we are specialized in runtime-related z/OS malicious code detection, and programcode scan for virus/malicious code on load module level (unfortunately, not on source code

Re: Cobol malicious code lookup

2008-08-11 Thread Itschak Mugzach
No, I don't mean bugs. I mean something that programmer can put into his program that will cause a theft of money. For example, back door that can be used to eliminate part or all services, etc. ITschak On 8/11/08, Binyamin Dissen <[EMAIL PROTECTED]> wrote: > > On Mon, 11 Aug 2008 11:01:57 +0200

Re: Cobol malicious code lookup

2008-08-11 Thread Binyamin Dissen
On Mon, 11 Aug 2008 11:01:57 +0200 Itschak Mugzach <[EMAIL PROTECTED]> wrote: :>malicious code = non normative code, a code that makes things not allowed or :>planned intentionally or not. If you can define what "normative" is, you can scan for the other. :>Moving literals into record is suspect

Re: Cobol malicious code lookup

2008-08-11 Thread McKown, John
> -Original Message- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Chase, John > Sent: Monday, August 11, 2008 6:50 AM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Re: Cobol malicious code lookup > > > -Original Message--

Re: Cobol malicious code lookup

2008-08-11 Thread Itschak Mugzach
I've tried iehiball many times in the past ;-) There must be a way to automate it. On 8/11/08, Chase, John <[EMAIL PROTECTED]> wrote: > > > -Original Message- > > From: IBM Mainframe Discussion List On Behalf Of Itschak Mugzach > > > > I know some products that checks program complexity,

Re: Cobol malicious code lookup

2008-08-11 Thread Chase, John
> -Original Message- > From: IBM Mainframe Discussion List On Behalf Of Itschak Mugzach > > I know some products that check program complexity, and even > those who look into specific command usage. But this time I > am looking for a product to analyse mainframe traditional > language

Re: Cobol malicious code lookup

2008-08-11 Thread Itschak Mugzach
malicious code = non normative code, a code that makes things not allowed or planned intentionally or not. Moving literals into record is suspected, not always a malicious code. ITschak On 8/11/08, Binyamin Dissen <[EMAIL PROTECTED]> wrote: > > On Mon, 11 Aug 2008 09:30:57 +0200 Itschak Mugzach

Re: Cobol malicious code lookup

2008-08-11 Thread Binyamin Dissen
On Mon, 11 Aug 2008 09:30:57 +0200 Itschak Mugzach <[EMAIL PROTECTED]> wrote: :>I know some products that check program complexity, and even those who look :>into specific command usage. But this time I am looking for a product to :>analyse mainframe traditional language (Cobol, PLI, etc) for mal

Cobol malicious code lookup

2008-08-11 Thread Itschak Mugzach
I know some products that check program complexity, and even those who look into specific command usage. But this time I am looking for a product to analyse mainframe traditional language (Cobol, PLI, etc) for malicious code. I have some ideas like the usage of string command, Input that come outs