Ladies and Gentlemen,
A gentle reminder that the next meeting of the GSE UK Security Working Group,
will take place on Thursday 6th June 2019 at the new offices of RSM Partners in
Bromsgrove, UK (a 40 minute drive from Birmingham Airport). If you cannot
attend in person, you are welcome to joi
On Wed, 8 May 2019 20:40:12 +, Seymour J Metz wrote:
>Yes, but you can FTP to an MVS file, which you can allocate with attributes.
>
"MVS file"? Do you mean a data set, or as TSO overloads the term, a DDNAME?
But the OP seemed to be interested in a UNIX file.
Mike didn't say where this was
So running an SMP/E CLEANUP against the target zone should delete that (I assume
the function sysmod is accepted). I guess IBM should do that on whatever zone
is
used to merge OGL/370 (or whatever their process is) into the z/OS SMP/E zones
delivered with a z/OS ServerPac also.
As far as your
FAQ: For Multiprise 3000 (7060-H30) Internal Disk Subsystem - acquiring disks
of unknown or questionable origin that you intend to re-use
There is a very little or obscurely documented feature that should be more
widely known by owners.
The feature is called InitSurf (Surface Initialization).
https://www.zdnet.com/article/chinese-hackers-were-using-nsa-malware-a-year-before-shadow-brokers-leak/
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: IN
There is a lot of security out there, if you're permitted to use it. TCPIP did
not make the mainframe less safe, other things using TCPIP did, especially when
we moved most authentication off the mainframe.
"Let the servers do anything they want!" "A, no."
The pen tester found stupid poi
There's a sysmod entry for UQ13184 in the target that shows SUP'D by FMID
HVRL100. It doesn't make sense but without this nonsense, SMPMTS would be
empty. It's one of those products we keep ordering because no one still here is
confident in dropping it.
.
.
J.O.Skip Robinson
Southern Californ
You can also specify -W and seqparms= on the cp command to specify DCB and
space--and not have to pre-allocate the dataset.
First Tennessee Bank
Mainframe Technical Support
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Seymour J Metz
Sent: Wednesday, May 08, 2019
Yes, but you can FTP to an MVS file, which you can allocate with attributes.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent:
On 5/8/19, Seymour J Metz wrote:
> What happens if you pre-allocate the file as FB 80 and do a binary FTP?
Ahh !
Didn't think of that !
get the.xmi '//me.ind' did the trick !
Thanks.
Mike
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> _
As Seymour suggested, we use filezilla to transfer files and pre-allocate
them.
ITschak
בתאריך יום ד׳, 8 במאי 2019, 23:09, מאת Seymour J Metz :
> What happens if you pre-allocate the file as FB 80 and do a binary FTP?
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> __
On Wed, 8 May 2019 20:09:29 +, Seymour J Metz wrote:
>What happens if you pre-allocate the file as FB 80 and do a binary FTP?
>
You can't pre-allocate a UNIX file with attributes.
>
>From: Mike Stramba
>Sent: Wednesday, May 8, 2019 3:59 PM
>Is there is
On Wed, 8 May 2019 15:59:08 -0400, Mike Stramba wrote:
>Is there is an OMVS "copy-to-mvs-fb80" equivalent to an "ind$file" upload ?
>
>Scenario :
>
>1) While in OMVS : ftp (receive) an XMI file to the z/os system. (z/os 2.3)
>
>2) Now copy (cp ?) to a FB80 file.
>
>I've tried "cp test.XMI
Pre Co:Z I had to do a bunch of shenanigans with scripts to copy files
"automatically" from OMVS. You need to check out the -v and -W arguments of
cp. Or just use Co:Z.
First Tennessee Bank
Mainframe Technical Support
-Original Message-
From: IBM Mainframe Discussion List On Behalf
OGL/370 is not a base z/OS component it is an old program product. I think my
client dropped it finally at z/OS 2.1.
But being that it is ancient (25 yrs old?), why wouldn't all the maintenance
come
accepted with a ServerPac order?
Best Regards,
Mark
--
Mark Zelden - Zelden Consulting Serv
On May 8, 2019, at 2:59 PM, Mike Stramba
mailto:mikestra...@gmail.com>> wrote:
1) While in OMVS : ftp (receive) an XMI file to the z/os system. (z/os 2.3)
2) Now copy (cp ?) to a FB80 file.
I've tried "cp test.XMI '//user.FB80', but am getting an empty
user.FB80 file.
3) then issue
What happens if you pre-allocate the file as FB 80 and do a binary FTP?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Mike Stramba
Sent: Wednesday, May 8, 2019 3:59 PM
To: IBM-MAIN@LISTSERV.UA
Is there is an OMVS "copy-to-mvs-fb80" equivalent to an "ind$file" upload ?
Scenario :
1) While in OMVS : ftp (receive) an XMI file to the z/os system. (z/os 2.3)
2) Now copy (cp ?) to a FB80 file.
I've tried "cp test.XMI '//user.FB80', but am getting an empty
user.FB80 file.
3) the
It's similar to an authorized program in that there are complex rules for its
use. You can associate access rules with controlled programs, but you need to
dot all the Is and cross all the Ts.
An example might be giving a specific user to a payroll file only if he is
running a specific program.
"That is not new, it has already been, for there is nothing new under the Sun."
There have been extensive discussions here over the decades about bad auditors.
OTOH, if you're lucky enough to have competent auditors, they can really help.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
Once in while assessment value nothing. your systems are probably changing
every day. Consider continuous monitoring solution...
ITschak
On Wed, May 8, 2019 at 10:28 PM Tom Brennan
wrote:
> We're you told what prevented them from getting into the mainframe, or
> any details about the attempt?
>
"Were"... typing while eating is my excuse. Sorry for the crumbs.
On 5/8/2019 12:27 PM, Tom Brennan wrote:
We're you told what prevented them from getting into the mainframe, or
any details about the attempt?
On 5/8/2019 5:02 AM, Bill Johnson wrote:
We did hire a firm to come in and test. The
We're you told what prevented them from getting into the mainframe, or
any details about the attempt?
On 5/8/2019 5:02 AM, Bill Johnson wrote:
We did hire a firm to come in and test. They were able to get into the building
by piggy backing on someone else’s badge. Were able to get into various
Our SMPMTS (for 2.3) contains two macros for
HVRL100
OVERLAY GENERATION LANGUAGE, BASE
They look really old, but we start each release with a fresh SMPE environment,
so no carryover is possible.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dra
On Wed, 8 May 2019 17:50:20 +, Seymour J Metz wrote:
>> To my understanding they are just a target lib and distribution library.
>
>Yes, which is why they are not 9nterchangable. If you want macros from the
>running system, use MODGEN and MTS; if you want only the accepted service,
>use AM
4. Get management buy in to fix the problems they find, if any.
5. Even if they find nothing, repeat the pen test periodically.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Charles Mills
S
The problem in my recent shops is management and security people whose
mainframe knowledge would struggle to fill a thimble. They find security
“holes” that are not really holes because they have no idea how the mainframe
or its security apparatus works.
Sent from Yahoo Mail for iPhone
On We
Have experienced the second paragraph many times.
Sent from Yahoo Mail for iPhone
On Wednesday, May 8, 2019, 1:28 PM, Seymour J Metz wrote:
Sometimes management won't let you correct a security problem until an auditor
finds it. A package or service that locates *real* threats can be very u
Of course, some documents would no longer work, so you need management buyin to
secure things.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Gabe Goldberg
Sent: Wednesday, May 8, 2019 12:31 A
There are two very different questions.
1. Is it safe to run multilevel security on this platform?
2. Is it safe to run multilevel security at this site?
If the answer to the second question is no, then the answer to the first is
irrelevant.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu
PROFS uses Script; AFAIK it doesn't format documents itself.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Phil Smith III
Sent: Tuesday, May 7, 2019 11:03 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subje
> To my understanding they are just a target lib and distribution library.
Yes, which is why they are not 9nterchangable. If you want macros from the
running system, use MODGEN and MTS; if you want only the accepted service, use
AMODGEN.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz
one of the biggest problems doing the (non-SNA) internal network around
the world was when (encrypted) links crossed national boundaries
... lots of push back from numerous countries around the world (even tho
all these links were between purely corporate locations).
other trivia: at big cutover t
I started out long ago and far away with an 026 BCD keypunch (it probably
had tubes in its electronics); had to learn a few "substitutions" for some
rare characters like + & -. It was wonderful to graduate to a "modern" 029
later. I even learned how to make one of those control cards you wrapped
Sometimes management won't let you correct a security problem until an auditor
finds it. A package or service that locates *real* threats can be very useful
leverage for tightening things up.
OTOH, an auditor, product or service that claims bogus security issues,
sometimes missing real issues
sipp...@sg.ibm.com (Timothy Sipples) writes:
> Together we sketched a picture of all this on a whiteboard so I could
> understand what they had done. After we drew the picture, I asked this
> simple question: "Is this secure?" After a very little bit of side
> discussion, very quickly, they did two
You have not punched cards, until you've punched them in the original Klingon.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Paul Gilmartin
Sent: Wednesday, May 08, 2019 11:37 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Take cover, it's a student programmer! | Comp
I would think it is because at one time there was no MODGEN library and JCL all
pointed to AMODGEN. Then once MODGEN came into existence people just
added MODGEN and didn't delete AMODGEN to some samples. Sometimes I still
see samples pointing only to AMODGEN, so it is actually one of only two
On Wed, 8 May 2019 15:39:49 +, Seymour J Metz wrote:
>I don't know where to begin, but it reads like buzzword bingo. How many of the
>errors can you spot?
>
(link de-cisco-ized):
https://www.computerworld.com/article/3393220/take-cover-it-s-a-student-programmer.html
... Those header
I don't know where to begin, but it reads like buzzword bingo. How many of the
errors can you spot?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Mark Regan
Sent: Wednesday, May 8, 2019 11:05
We had worked out "In Theory" how we would do it.
About 18 months after we opened our second data center, Our Main Data Center
needed to shutdown over a long weekend, for 100% shutdown power maintenance.
After the Online's were shutdown Friday Night, We waited for all the DASD &
Tape to sync
It's 1970 and pilot fish is a college junior taking courses in computer
programming. And technology is progressing, as technology does. The school has
just upgraded from an IBM 360/40 mainframe to a much more powerful IBM 360/65.
It orders it with an entire megabyte of magnetic core memory, which a
Carmen Vitullo wrote:
>I'll also add, in spite of being flamed, SNA networks
>we're pretty secure
I'm going to push back on this one a bit, and not in a flaming way I hope.
"Classic" SNA can encrypt connections using DES or TDES, assuming your past
self/selves implemented it (not a given, cer
I guess the point of contention really is "vULnErAbiliTIeS"...
Words have meaning, a vulnerability is not equal to a loosely
configured/hardened system.
Of course, I could be wrong but I take the word to mean zero-days or something
that breaks a module/function, and the way it breaks is exploited
>> Hire one of the pen testing firms like RSM or Vanguard. Report back here if
>> they find no vulnerabilities. Tell me I'm wrong.
Agree with this 100%.
If you can catch Mark Wilson from RSM in bar, buy him some beers and he can
tell you redacted stories about pen tests that he has done that wi
Another reason for lot of focus on white/black hat focus on USS -- that's what
most of the non-mainframe world is already familiar with, lower barrier to
(unauthorized) entry to mainframe.
Don't know if any individual/team has/have *started* their break-the-mainframe
journey from core MVS...
–
On 2019-05-08 2:39 PM, Peter wrote:
Does it really makes any difference between the two ?
That depends on what maintenance you have applied but not accepted.
I would guess that JCL using AMODGEN in the assembler SYSLIB
concatenation dates from (or is cloned from JCL that dates from) the
time
IIRC like any A library name - they are SMP/E distribution libraries that
are NOT suppose to be customer modified so you know for a fact AMODGEN is
'pristine'.
if you don't modify any source in MODGEN you 'should' be Ok, I'm sure someone
will correct me if I am wrong.
thanks
Carmen Vit
We did hire a firm to come in and test. They were able to get into the building
by piggy backing on someone else’s badge. Were able to get into various
servers, but did not get into the MF.
Sent from Yahoo Mail for iPhone
On Tuesday, May 7, 2019, 9:26 PM, Charles Mills wrote:
I was travelli
You should activate the smf119 in tcp/ip
Configure with your necessary subtypes
Bin unterwegs hab nur iPhone zur Verfügung.😎
> Am 08.05.2019 um 09:26 schrieb Jorge Garcia :
>
> Hi Wolgfang,
>
> We don't have SMF records type 119 available in this system
>
> Thanks
>
>
Hi,
IMHO I think it's possible but for "pure Application Cobol Coding".
What I mean is that Cobol V6 does produce a load module with instructions
for the requested ARCHLVL you've set.
At runtime, only for called LE routines who accomplish some tasks (eg.
SQUARE ROOT or something like this), it's
Don't know about shared accounts but I reckon this allows for auditing what
goes on with privileged AD accounts...
https://blogs.technet.microsoft.com/jepayne/2017/12/08/weffles/
– Vignesh
Mainframe Infrastructure
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Cha
Hi Wolgfang,
We don't have SMF records type 119 available in this system
Thanks
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
53 matches
Mail list logo
