Re: Special characters in passwords was Re: RACF - Password rules .

f it can't be done in RPG, are you sure it's worth doing?" Chris Mason - Original Message - From: "Rick Fochtman" <[EMAIL PROTECTED]> Newsgroups: bit.listserv.ibm-main To: Sent: Tuesday, 16 January, 2007 3:46 PM Subject: Re: Special characters i

Re: Special characters in passwords was Re: RACF - Password rules .

In <[EMAIL PROTECTED]>, on 01/15/2007 at 11:34 PM, "Robert A. Rosenberg" <[EMAIL PROTECTED]> said: >Because after they got C going that did not want to risk creating a D > to replace it (but went on to C+ and then C++ [getting "Better" each > time]). You do know that C was proceeded by a B (whi

Re: Special characters in passwords was Re: RACF - Password rules .

Rick Fochtman said: -- SNOBOL! Here, hand me some strings! -- When I was learning SNOBOL, the book had a program listed called ICEBOL for putting SNOBOL programs onto fewer cards. It had an optional parameter "Don't

Re: Special characters in passwords was Re: RACF - Password rules .

-- SNOBOL! Here, hand me some strings! BTW - I saw a car on I-80 here in Roseville (CA) a couple of days ago with the vanity plate SNOBOL. Sadly, I wasn't driving my car with ASM PGMR and a Hercules license plate frame on it. He was older than I. I wond

Re: Special characters in passwords was Re: RACF - Password rules .

Howard Brazee wrote: Verbal orders - as opposed to pantomimed orders?I am picturing Patton directing traffic from the movie. re: http://www.garlic.com/~lynn/2007b.html#37 Special characters in passwords was Re: RACF - Password rules who goes into enemy territory before the tanks? a

Re: Special characters in passwords was Re: RACF - Password rules .

past post in this thread about Multics and vulnerabilities http://www.garlic.com/~lynn/2007b.html#12 Special characters in passwords was Re: RACF - Password rules Multics was on the 5th flr, 545 tech sq ... box originally was GE ... before GE sold their computer business to Honeywell. Cambrdige

Re: Special characters in passwords was Re: RACF - Password rules .

might know. Later, Ray -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Rick Fochtman Sent: Tuesday January 16 2007 06:47 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Special characters in passwords was Re: RACF - Password rules . Shmuel Metz (Seymour

Re: Special characters in passwords was Re: RACF - Password rules .

nframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Robert A. Rosenberg Sent: Monday January 15 2007 20:34 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Special characters in passwords was Re: RACF - Password rules . At 12:56 -0500 on 01/15/2007, Shmuel Metz (Seymour J.) wrote about Re: Special

Re: [Fwd: Re: Special characters in passwords was Re: RACF - Password rules .]

On 15 Jan 2007 12:23:34 -0800, [EMAIL PROTECTED] (Ed Gould) wrote: >At the god unearthly hour of 6AM a nurse tried to take blood from me. >I informed her I was an hard draw. She poked me once and of course >couldn't get any blood. I looked at her and told her: "You know the >saying 3 strikes

Re: Special characters in passwords was Re: RACF - Password rules .

On Sun, 14 Jan 2007 11:32:02 -0700, Anne & Lynn Wheeler <[EMAIL PROTECTED]> wrote: >... several times Boyd quoted Guderian (before the biltzkrieg) as directing >"verbal orders only" ... for much the same reason (minimizing troops worrying >that afterwards getting blamed for making less than opti

Re: Special characters in passwords was Re: RACF - Password rules .

Shmuel Metz (Seymour J.) wrote: In <[EMAIL PROTECTED]>, on 01/10/2007 at 01:26 PM, "McKown, John" <[EMAIL PROTECTED]> said: Java! Java! Java! No, wait. Perl! Perl! Perl! Uh, make that Ruby! Ruby! Ruby! OK, old-timers repeat after me COBOL! COBOL! COBOL! COMMTRAN! COMMTRAN! COMMTRAN

Re: Special characters in passwords was Re: RACF - Password rules .

> -Original Message- > From: IBM Mainframe Discussion List On Behalf Of Shmuel Metz (Seymour J.) > > In <[EMAIL PROTECTED]>, on 01/10/2007 >at 01:16 PM, Edward Jaffe said: > > >Isn't "C" the language that grades itself? > > Then why isn't it called F? Perhaps at the time "they" didn

Re: Special characters in passwords was Re: RACF - Password rules .

>You do know that C was proceeded by a B (which never made it out of the >planning stage). Yes it did. I programmed in B for four years at the University of Waterloo. Any new subsystems/commands written for a GCOS8 systen, running on a Honeywell Level 66 were written in it. This included the e-m

Re: Special characters in passwords was Re: RACF - Password rules .

At 12:56 -0500 on 01/15/2007, Shmuel Metz (Seymour J.) wrote about Re: Special characters in passwords was Re: RACF - Password: >Isn't "C" the language that grades itself? Then why isn't it called F? Because after they got C going that did not want to risk creating a D to replace it (but w

Re: Special characters in passwords was Re: RACF - Password rules .

In <[EMAIL PROTECTED]>, on 01/10/2007 at 01:26 PM, "McKown, John" <[EMAIL PROTECTED]> said: >Java! Java! Java! No, wait. Perl! Perl! Perl! Uh, make that Ruby! >Ruby! Ruby! OK, old-timers repeat after me COBOL! COBOL! COBOL! COMMTRAN! COMMTRAN! COMMTRAN! FACT! FACT! FACT! -- Shmuel (Sey

Re: Special characters in passwords was Re: RACF - Password rules .

In <[EMAIL PROTECTED]>, on 01/10/2007 at 01:16 PM, Edward Jaffe <[EMAIL PROTECTED]> said: >Isn't "C" the language that grades itself? Then why isn't it called F? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see We don'

Re: SPAM-LOW: Re: [Fwd: Re: Special characters in passwords was Re: RACF - Password rules .]

-- I used that but in a different way in the hospital early this year. I am en extremely difficult person to draw blood from and I am not a morning person (without coffee) . At the god unearthly hour of 6AM a nurse tried to take blood from

Re: [Fwd: Re: Special characters in passwords was Re: RACF - Password rules .]

On Jan 15, 2007, at 3:14 AM, Ulrich Boche wrote: Sorry, needed to repost because I only posted to the newsgroup. -- SNIP The magic reason for nearly everyone using a RACF revoke limit of 3 is baseball a

[Fwd: Re: Special characters in passwords was Re: RACF - Password rules .]

Sorry, needed to repost because I only posted to the newsgroup. Joel C. Ewing wrote: At one time (a number of years ago) we had a RACF revoke limit > 5. Got similar argument from auditors who wanted 3. We analyzed RACF SMF records to determine how much lowering the threshold would raise numbe

Re: Special characters in passwords was Re: RACF - Password rules .

Rick Fochtman wrote: - At one time (a number of years ago) we had a RACF revoke limit > 5. Got similar argument from auditors who wanted 3. We analyzed RACF SMF records to determine how much lowering the threshold would raise number of daily re

Re: Special characters in passwords was Re: RACF - Password rules .

>It's not up to him to "dictate" security policy, only to examine and recommend >(possible) improvements. Even recommendations are outside the area of responsibility. . Questions? Concerns? (Screems of Outrage?) -- For IBM-MAI

Re: Special characters in passwords was Re: RACF - Password rules .

Anne & Lynn Wheeler wrote: 3) Auditors Are the People Who Go in After the War Is Lost and Bayonet the Wounded. re: http://www.garlic.com/~lynn/2007b.html#36 Special characters in passwords was Re: RACF - Password rules ... several times Boyd quoted Guderian (before the biltzkrieg

Re: Special characters in passwords was Re: RACF - Password rules .

words ... mentioned earlier in this thread (and led to putting all corporate letterhead paper under lock & key) http://www.garlic.com/~lynn/2007b.html#6 Special characters in passwords was Re: RACF - Password rules past postings mentioning a security audit that included osearch of the fac

Re: Special characters in passwords was Re: RACF - Password rules .

- At one time (a number of years ago) we had a RACF revoke limit > 5. Got similar argument from auditors who wanted 3. We analyzed RACF SMF records to determine how much lowering the threshold would raise number of daily revokes on legitimate us

Re: Special characters in passwords was Re: RACF - Password rules .

>Any auditor that claims everyone uses 3 or that there is something magic that >makes "3" optimum is shoveling B.S. As I said in my original response, it's the security people. Auditors do not set rules. That's for the SME's. Auditors do not enforce rules. That's for the compliance department.

Re: Special characters in passwords was Re: RACF - Password rules .

R.S. wrote: Ted MacNEIL wrote: BTW: I changed 3 strikes rule to 5 strikes and number of password reset issues was reduced over half (less than 50% left). We have no control of 'N'. Our security department picked three. Some auditors told me that it should be 3. I always asked why - "because

Re: Special characters in passwords was Re: RACF - Password rules .

Howard Brazee wrote: On 10 Jan 2007 03:13:09 -0800, [EMAIL PROTECTED] (R.S.) wrote: Additional security also raises the price. Almost always. Additional complexity doesn't always mean additional security, sometimes the opposite. Insufficient security can be much more expensive. Agreed, ca

Re: Special characters in passwords was Re: RACF - Password rules .

If it is, it is awfully generous. Or maybe is just uses a generous curve. :-D Edward Jaffe wrote: Jon Brock wrote: I know some people think that C is the best programming language in history, but this is one reason -- another being the tendency it engenders for pointer problems -- that

Re: Special characters in passwords was Re: RACF - Password rules .

Jon Brock wrote: I know some people think that C is the best programming language in history, but this is one reason -- another being the tendency it engenders for pointer problems -- that I could never get into it wholeheartedly. Isn't "C" the language that grades itself? -- Edwa

Re: Special characters in passwords was Re: RACF - Password rules .

> -Original Message- > From: IBM Mainframe Discussion List On Behalf Of McKown, John > > > -Original Message- > > From: IBM Mainframe Discussion List On Behalf Of Jon Brock > > > > I know some people think that C is the best programming language in > > history, but this is on

Re: Special characters in passwords was Re: RACF - Password rules .

On 10 Jan 2007 11:30:31 -0800, [EMAIL PROTECTED] (Steve Comstock) wrote: >> Java! Java! Java! No, wait. Perl! Perl! Perl! Uh, make that Ruby! Ruby! >> Ruby! OK, old-timers repeat after me COBOL! COBOL! COBOL! >> > >Assembler! Assembler! Assembler! We don't need no stinking assemblers. We've go

Re: Special characters in passwords was Re: RACF - Password rules .

McKown, John wrote: -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Jon Brock Sent: Wednesday, January 10, 2007 1:19 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Special characters in passwords was Re: RACF - Password rules . I know some

Re: Special characters in passwords was Re: RACF - Password rules .

> -Original Message- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Jon Brock > Sent: Wednesday, January 10, 2007 1:19 PM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Re: Special characters in passwords was Re: RACF - > Password rules . >

Re: Special characters in passwords was Re: RACF - Password rules .

I know some people think that C is the best programming language in history, but this is one reason -- another being the tendency it engenders for pointer problems -- that I could never get into it wholeheartedly. Jon in much of the 90s, the biggest (internet) related threats were f

Re: Special characters in passwords was Re: RACF - Password rules .

ome work on using virtualization in attempt to address the diametrically opposing requirements ... no defenses and countermeasures at the same time requiring very extensive defenses and countermeasures. other posts in this thread: http://www.garlic.com/~lynn/2007b.html#6 Special characters in passw

Re: Special characters in passwords was Re: RACF - Password rules .

On Wed, 10 Jan 2007 09:21:53 -0700, Anne & Lynn Wheeler <[EMAIL PROTECTED]> wrote: >security (actually almost any characteristic) guideline has been that >it has to be built in as part of the base infrastructure and KISS. One of the tough choices programmers come up with is when a 30 year old pro

Re: Special characters in passwords was Re: RACF - Password rules .

ttp://www.garlic.com/~lynn/2007b.html#6 Special characters in passwords was Re: RACF - Password rules http://www.garlic.com/~lynn/2007b.html#8 Special characters in passwords was Re: RACF - Password rules -- For IBM-MAIN subscribe

Re: Special characters in passwords was Re: RACF - Password rules .

On 10 Jan 2007 06:39:57 -0800, [EMAIL PROTECTED] (R.S.) wrote: >Some auditors told me that it should be 3. I always asked why - "because >it should be 3. Everywhere is 3". My answer: "here is 5, si it invalid >number? It's not true about everywhere, because in many places it's >infinity". >I al

Re: Special characters in passwords was Re: RACF - Password rules .

On 10 Jan 2007 03:13:09 -0800, [EMAIL PROTECTED] (R.S.) wrote: >Additional security also raises the price. Almost always. >Additional complexity doesn't always mean additional security, sometimes >the opposite. Insufficient security can be much more expensive. --

Re: Special characters in passwords was Re: RACF - Password rules .

Ted MacNEIL wrote: BTW: I changed 3 strikes rule to 5 strikes and number of password reset issues was reduced over half (less than 50% left). We have no control of 'N'. Our security department picked three. Some auditors told me that it should be 3. I always asked why - "because it should b

Re: Special characters in passwords was Re: RACF - Password rules .

>BTW: I changed 3 strikes rule to 5 strikes and number of password reset issues was reduced over half (less than 50% left). We have no control of 'N'. Our security department picked three. Yaw tee pucketty! Rum ting clue! Ni! Ni! Ni! Arrooo!

Re: Special characters in passwords was Re: RACF - Password rules .

Ted MacNEIL wrote: [...] All these rules make it very difficult to come up with a new one. It took me 20 minutes to create one on one site. (Of course, in this case, it wouldn't tell me what rules it was using; I had to guess). I oftenly met security guys, which want to keep the security rules

Re: Special characters in passwords was Re: RACF - Password rules.

Rick Fochtman wrote: The nature of our business was such that we handled large amounts of other people's money on a daily, and even hourly, basis. When I started there, in 1981, I was told that we processed enough money in a week to pay the National Debt. Needless to say, security and employee

Re: Special characters in passwords was Re: RACF - Password rules.

On 9 Jan 2007 07:39:00 -0800, [EMAIL PROTECTED] (Schramm, Rob) wrote: >Bruce Schneier has argued that encryption and passwords are only tools >like anything else. Most of the real problems come with the people who >are trained or not trained in more "secure" mindset. Remember that they are tool

Re: Special characters in passwords was Re: RACF - Password rules.

-- Or, someone will write a Rexx program that generates conforming passwords using some simple (and predictable) algorithm. Eventually everyone ends up using the same "strong" password. :-) I've never understood why security administrat

Re: Special characters in passwords was Re: RACF - Password rules.

Bruce Schneier has argued that encryption and passwords are only tools like anything else. Most of the real problems come with the people who are trained or not trained in more "secure" mindset. I am an advocate for some password rules. Too many rules: * start to eliminate possibilities.. mean

Re: Special characters in passwords was Re: RACF - Password rules.

[EMAIL PROTECTED] (Arthur T.) writes: You pick ease over security. At my old shop, we had several RACF-protected systems plus one VM system that held the password unencrypted. Most people used the same password on all, making them none of them secure. Many people also used the same passwo

Re: Special characters in passwords was Re: RACF - Password rules.

Or you could make the rules so complex that there is only one valid password. Nigel On 9/1/07 15:11, "Ted MacNEIL" <[EMAIL PROTECTED]> wrote: >> Why don't they use single sign-on and passtickets? Also, the fact that they >> pander to what people want doesn't make "what people want" good. > >

Re: Special characters in passwords was Re: RACF - Password rules.

On 8 Jan 2007 17:25:55 -0800, [EMAIL PROTECTED] (Arthur T.) wrote: > BTW, respected security experts have started saying >that you *should* write down your passwords. With the >number of different passwords the average worker needs, the >workers will either: > >1. choose the same passwor

Re: Special characters in passwords was Re: RACF - Password rules.

>Why don't they use single sign-on and passtickets? Also, the fact that they >pander to what people want doesn't make "what people want" good. What people want is to be able to sign on easily, and not have to call somebody because the rules make it difficult to remember passwords. This kind of

Re: Special characters in passwords was Re: RACF - Password rules.

On 9 Jan 2007 05:41:41 -0800, in bit.listserv.ibm-main (Message-ID:<[EMAIL PROTECTED]>) [EMAIL PROTECTED] (Ted MacNEIL) wrote: 1. choose the same password for multiple applications (a definite no-no); In your 'expert' opinion? No, true experts' opinions. See, for instance: http://ne

Re: Special characters in passwords was Re: RACF - Password rules.

>1. choose the same password for multiple applications (a definite no-no); In your 'expert' opinion? Packages like P-Synch, and Vanguard's password administrator depend on/work with that. Session Managers (TPX, SuperSession) work with it, too. I'd rather have a single password, than write the

Re: Special characters in passwords was Re: RACF - Password rules.

On 8 Jan 2007 14:54:28 -0800, in bit.listserv.ibm-main (Message-ID:<[EMAIL PROTECTED]>) [EMAIL PROTECTED] (Don Leahy) wrote: I've never understood why security administrators are so fond of dreaming up password rules that only serve to reduce the domain of acceptable passwords, thereby making

Re: Special characters in passwords was Re: RACF - Password rules.

- Original Message - From: Jan MOEYERSONS >Date: Jan 8, 2007 5:40 AM Subject: Re: Special characters in passwords was Re: RACF - Password rules. To: IBM-MAIN@bama.ua.edu If it is too complicated, people will defy it by noting the "strong" password on a Post-It

Re: Special characters in passwords was Re: RACF - Password rules.

>>> We have planned to implement the following password rules in RACF. >>> >>> Passwords Syntax: >>> * Restrictions on repeated characters >>> * Alphanumeric passwords, including special characters, upper case, and >>> lower case. Why not thrown in numerics too? That way you are absolutely sure th

Re: Special characters in passwords was Re: RACF - Password rules.

On 1/5/2007 12:59 PM, Clark Morris wrote: > The choice of nationals as the only special characters allowable in passwords is poor to say the least. The $ code point becomes a pound sterling sign in the UK and the yen sign in Japan. I suspect similar changes for the others. It would be far mor

Re: Special characters in passwords was Re: RACF - Password rules.

Characters like slash used in a password conflict with the parsing routines used for e.g. LOGON APPLID(...) DATA(...). Who knows where all there is parse-like hardcode of sessiondata. And then there is the security system password prompts where today slash after pwd means new pwd. I try to av

Special characters in passwords was Re: RACF - Password rules.

On 3 Jan 2007 18:35:45 -0800, in bit.listserv.ibm-main you wrote: >Karthick wrote: >> Hello, >> >> We have planned to implement the following password rules in RACF. >> >> Passwords Syntax: >> * Restrictions on repeated characters >> * Alphanumeric passwords, including special characters, upper