Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-14 Thread Robert S. Hansel (RSH)
Clark, The answer to your original question is 'yes'. With regard to FDR, see the following article in our RACF Tips newsletter. https://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__January_2008.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc.

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-11 Thread Charles Mills
Passphrases and MFA! Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Andrew Rowley Sent: Friday, May 10, 2019 6:32 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can backup mechanisms be used to steal RACF database? was Re:

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-10 Thread Andrew Rowley
On 11/05/2019 12:34 am, Dana Mitchell wrote: Doesn't the KDFAES password encryption algorithm make it *much* more difficult to crack passwords, given access to the RACF database? I realize nothing is impossible to crack.. but at least not currently feasible with current available hardware.

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-10 Thread ITschak Mugzach
Yes, it is an option, but the solution recommended by the vendor is server mode. However, not all products/features that are based on this product support server mode. On Fri, May 10, 2019 at 6:43 PM Seymour J Metz wrote: > Couldn't you grant the access only through PADS? > > > -- > Shmuel

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-10 Thread Seymour J Metz
Couldn't you grant the access only through PADS? -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of ITschak Mugzach Sent: Friday, May 10, 2019 1:06 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-10 Thread ITschak Mugzach
That's true, password cracking can be complex. However, if you have a copy of the database you can find who are the users that have admin authority and concentrate on cracking their passwords. ITschak On Fri, 10 May 2019, 17:49, Mark Jacobs <

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-10 Thread Mark Jacobs
Yes; The KDFAES algorithm is used to encrypt passwords and password phrases, but not OIDCARD data. It is designed to be resistant to offline attacks by incorporating the following properties: Each instance of a RACF® password injects randomly generated text into the encryption process. This

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-10 Thread Dana Mitchell
On Fri, 10 May 2019 00:24:18 -0400, Bob Bridges wrote: >The lesson I take from this, and pass on to >my clients, is that read access to the security database is a huge exposure >and in most cases - that is, for most user IDs - completely unnecessary. > Doesn't the KDFAES password encryption

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Charles Mills
No argument there! :-) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bob Bridges Sent: Thursday, May 9, 2019 9:24 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can backup mechanisms be used to steal RACF database? was Re:

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread ITschak Mugzach
I found many security and system programmers assuming that in order to manage security, one needs access to the security database. In many assessments I was able to copy the file with no problem. While this assumption is completely untrue, many of you make use of (at least one) RACF administration

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Bob Bridges
No, ~I~ quoted "there are solid indications" etc. Mr Mills asserts that they did not, which is contrary to my own reading but at this remove perhaps it doesn't matter. Whatever actually happened at Logica, the important point is that with read access a hacker would be able to do so, a situation

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Seymour J Metz
> Yes, that assertion is incorrect. Read my post. The only thing that I see that is relevant is where you quoted "There are also solid indications that they downloaded the RACF database (about 28MB", which certainly seems consistent with Bob's claim. -- Shmuel (Seymour J.) Metz

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Seymour J Metz
Any customer who discovers a security bug can report it. BTDT,GTTS (just the tee shirt, no scars.) -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Lou Losee Sent: Thursday, May 9, 2019 4:21 PM

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Lou Losee
What causes IBM integrity (code-based) APARs to be generated? Surely not all of them are found internally. The thing is, with the way integrity APARs are handled the source of the problem is never disclosed. Many are, I believe, zero-days, that would cause a hack if found by the wrong person.

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread John McKown
On Thu, May 9, 2019 at 2:45 PM Bill Johnson < 0047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > 5 LPARS, shared DASD, same rules for each LPAR. Full volume backups were > controlled by 1 DASD Admin.(now deceased) I no longer work there. As the > installer of the security product, TSS, even

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Bill Johnson
5 LPARS, shared DASD, same rules for each LPAR. Full volume backups were controlled by 1 DASD Admin.(now deceased) I no longer work there. As the installer of the security product, TSS, even I had very limited access to the security datasets. If hacking the mainframe was easy, or even slightly

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Charles Mills
Yes, that assertion is incorrect. Read my post. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Seymour J Metz Sent: Thursday, May 9, 2019 11:29 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can backup mechanisms be used to

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Seymour J Metz
> And yes, it was a z/OS vulnerability. Are you saying that Bob Bridges was wrong when he wrote "The stolen ID also had read access to the RACF database.."? It's not a vulnerability of the lock when you leave your key on the porch for anyone to use. -- Shmuel (Seymour J.) Metz

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Charles Mills
How about a volume backup? How about from a sandbox LPAR that shares DASD? Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bill Johnson Sent: Thursday, May 9, 2019 10:32 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Charles Mills
I have read the entire, very thorough police report, as has Chad R. Phil Young has done considerable research on this. There were two parts to it. Svartholm somehow got the MPAA lawyer's user login for the Infotorg legal database, hosted on USS. (The "somehow" may be known but I do not know or

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Bill Johnson
All of the security datasets are locked down to all but a select few. It would be next to impossible for someone not considered highly trustworthy to do anything with them. Sent from Yahoo Mail for iPhone On Thursday, May 9, 2019, 1:16 PM, Charles Mills wrote: To answer the OP question,

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Bob Bridges
I believe Peter's right. The hackers got a stolen ID with some RACF power, by means not positively identified but social engineering is as likely as any other hypothesis. (I read ~speculation~ about an HTTP vulnerability, but the forensic investigators never established how the initial

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Charles Mills
To answer the OP question, Yes, assuming - The perp has the ability to run some sort of volume backup, such as authority to the volume and to run a volume backup program. - The ability to copy the backup off of the system, such as with FTP, access to a physical tape drive, or downloading to a PC

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Charles Mills
No. Read the original thread here. It was a vulnerability in a Web server. Hacking the RACF database was done well after the fact, by investigators. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Vander Woude Sent:

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Mike Schwab
If you can transfer the backup file (real or virtual tape) to another system, then you can use the admin authorization to restore any or all files in the backup file. Just like using a rescue system to restore at a DR site. On Thu, May 9, 2019 at 8:56 AM Peter Vander Woude wrote: > > On Tue, 7

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-09 Thread Peter Vander Woude
On Tue, 7 May 2019 09:26:58 -0300, Clark Morris wrote: >Could someone use DF/DSS, DF/HSM, FDR or FDR/ABR to copy the database >and then download the dump of the database? > >Clark Morris >> Clark, If they have read access to the database, yes. That's what happened in the Swedish bank hack,

Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-07 Thread Clark Morris
[Default] On 6 May 2019 20:10:27 -0700, in bit.listserv.ibm-main 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote: >In most shops only 2 people have the required access to the RACF database.  > Could someone use DF/DSS, DF/HSM, FDR or FDR/ABR to copy the database and then