In
cae1xxdf4ymwddo66fc7iuiomtfx+eclv-ngxp52yddjpevo...@mail.gmail.com,
on 05/21/2013
at 09:54 AM, John Gilmore jwgli...@gmail.com said:
Security via obscurity---Let's not talk about this; it may go away;
and we certainly don't want anyone else to know about it---is a
delusionary notion in all
On 5/22/2013 4:54 AM, Shmuel Metz (Seymour J.) wrote:
Adequate QA on the fix will take more than a few days. Once IBM makes
a fix available, it will take more than a few days for most shops to
install it.
If this is the hole I think it is, then IBM fixed it incorrectly, and
it had to be
On Wed, 22 May 2013 07:31:35 -0400, Gerhard Postpischil wrote:
On 5/22/2013 4:54 AM, Shmuel Metz (Seymour J.) wrote:
Adequate QA on the fix will take more than a few days. Once IBM makes
a fix available, it will take more than a few days for most shops to
install it.
One must balance the
On Tue, 21 May 2013 01:03:33 -0400, Scott Ford wrote:
First of all, been around a block a few thousand times..it's irresponsible
from the standpoint of publishing how to do it. I wouldn't do this or even
consider doing it ...but that's me
WTF!? If there were a real threat it would be
Here, as is not always my wont, I find myself in strong agreement with
Paul Gilmartin.
Security via obscurity---Let's not talk about this; it may go away;
and we certainly don't want anyone else to know about it---is a
delusionary notion in all but the very short term. (There is a case
to be
On 5/21/13, Scott Ford scott_j_f...@yahoo.com wrote:
Gil,
You have your opinion and I have mine. Let's leave it at that.
Scott ford
www.identityforge.com
from my IPAD
'Infinite wisdom through infinite means'
On May 21, 2013, at 9:22 AM, Paul Gilmartin paulgboul...@aim.com wrote:
On
John and Gil,
I am not trying to argue with anyone or take this personally ...
Scott ford
www.identityforge.com
from my IPAD
'Infinite wisdom through infinite means'
On May 21, 2013, at 10:06 AM, John Gilmore jwgli...@gmail.com wrote:
On 5/21/13, Scott Ford scott_j_f...@yahoo.com wrote:
I don't consider the article useless.
The take away should be: if you don't lock down your FTP(only) users so
that they can't submit jobs then they might do things that you didn't
expect. Also, you should secure your system so that arbitrary jobs cannot
bind to TCP ports.
Kirk,
Agreed ...firewalls can be breached too
Scott ford
www.identityforge.com
from my IPAD
'Infinite wisdom through infinite means'
On May 21, 2013, at 11:19 AM, Kirk Wolf k...@dovetail.com wrote:
I don't consider the article useless.
The take away should be: if you don't lock down
Kirk,
You have found graces, if not perhaps saving ones. My objection to
this piece was not so much to its content, which was banal, as it was
to its title, which was misleading and, I suspect, meretricious too.
John Gilmore, Ashland, MA 01721 - USA
The new mantra: Marketing, Marketing, Marketing has replaced the old
Location, Location, Location.
hacking in the title will get more hits than a title such as A way
to use FTP to get a UNIX shell prompt on z/OS
On Tue, May 21, 2013 at 10:30 AM, John Gilmore jwgli...@gmail.com wrote:
Kirk,
In
CAAJSdjhPY1=zvqhnrwbvdusc-yclionfbrzn3tt-zkczxup...@mail.gmail.com,
on 05/18/2013
at 03:17 PM, John McKown john.archie.mck...@gmail.com said:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
Control the resources, not the tools.
basically the person must
May 2013 22:17
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Rather interesting article on hacking the mainframe using ftp
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and to
submit a job
@LISTSERV.UA.EDU] On
Behalf Of John McKown
Sent: 18 May 2013 22:17
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Rather interesting article on hacking the mainframe using ftp
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX
On 05/20/2013 11:21 AM, Shmuel Metz (Seymour J.) wrote:
In
CAAJSdjhPY1=zvqhnrwbvdusc-yclionfbrzn3tt-zkczxup...@mail.gmail.com,
on 05/18/2013
at 03:17 PM, John McKown john.archie.mck...@gmail.com said:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
On Tue, 21 May 2013 00:03:00 -0400, Thomas Kern wrote:
On 05/20/2013 11:21 AM, Shmuel Metz (Seymour J.) wrote:
at 03:17 PM, John McKown said:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
Control the resources, not the tools.
There are easier ways to
Gil,
First of all, been around a block a few thousand times..it's irresponsible from
the standpoint of publishing how to do it. I wouldn't do this or even consider
doing it ...but that's me
Scott ford
www.identityforge.com
from my IPAD
'Infinite wisdom through infinite means'
On May 20,
I guess you could call it hacking. Or just using a wide-open system :-)
The user would need:
- network access to the FTP and listen port
- firewalls could prevent
- the TCP stack could limit (TERMINAL, SERVAUTH, etc)
- access to FTP and ability to upload an executable file
- an FTP
On Sat, 18 May 2013 15:17:22 -0500, John McKown john.archie.mck...@gmail.com
wrote:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and
to submit a job. They upload a program called netcat into
In the Python script that a link in that site points to, I see that one line,
525, is over 202000 bytes long, assigning a string literal about that long to a
variable. I couldn't help but reflect that some text editors and viewers would
have trouble with that line. Python does allow string
I agree you need a RACF ID and password and of course a list of permits. Which
as was pointed that batch submission can be prevented by the permits not being
there. Secondly, I find an article of this type irresponsible.
Scott ford
www.identityforge.com
from my IPAD
'Infinite wisdom through
On Sun, 19 May 2013 18:21:38 -0400, Scott Ford wrote:
I agree you need a RACF ID and password and of course a list of permits. Which
as was pointed that batch submission can be prevented by the permits not being
there. Secondly, I find an article of this type irresponsible.
irresponsible
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and
to submit a job. They upload a program called netcat into a data set
starting with their RACF id. They then submit a job which copies the
data
On 5/18/2013 2:17 PM, John McKown wrote:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and
to submit a job. They upload a program called netcat into a data set
starting with their RACF id.
On 5/18/2013 1:17 PM, John McKown wrote:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and
to submit a job. They upload a program called netcat into a data set
starting with their RACF id.
OK, this is more like an authorized system user doing something beyond what
they are really supposed to. The real crack would be unauthorized use of a
valid id password/passphrase/cert.
I still thought it was interesting.
--
On Sat, May 18, 2013 at 5:15 PM, John McKown
john.archie.mck...@gmail.com wrote:
OK, this is more like an authorized system user doing something beyond what
they are really supposed to. The real crack would be unauthorized use of a
valid id password/passphrase/cert.
I still thought it was
...@hp.com
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Mike Schwab
Sent: Saturday, May 18, 2013 6:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Rather interesting article on hacking the mainframe using ftp
On Sat, May 18, 2013 at 5
Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Mike Schwab
Sent: Saturday, May 18, 2013 6:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Rather interesting article on hacking the mainframe using ftp
On Sat, May 18, 2013 at 5:15 PM, John McKown john.archie.mck...@gmail.com
wrote
Probably wouldn't matter. Governments as well as companies are paying third
parties for intercept software. They have even boasted of using firefox.exe as
a means of entry.
See https://citizenlab.org/2013/04/for-their-eyes-only-2/
Immoral they may be, but they aren't stupid.
Shane ...
On Sat,
On Sat, 18 May 2013 15:17:22 -0500, John McKown wrote:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and
to submit a job. They upload a program called netcat into a data set
starting with