Re: mainframe hacking "success stories"

You might remember that half of the hospitals in uk had their computers encrypted. I don't know if they paid any penalty other than the one to unencrypt. -- For IBM-MAIN subscribe / signoff / archive access instructions, send emai

mainframe hacking "success stories"

What is their budget going to look like when they get a $10,000 fine? Or does that not count. As I stated, if they can't do it securely, they shouldn't do it. Date:Sat, 22 Jun 2019 19:46:12 +0300 From:ITschak Mugzach Subject: Re: mainframe hacking "success stories"?

Re: mainframe hacking "success stories"?

dspiegel...@hotmail.com (David Spiegel) writes: > *HIPAA Summary of the HIPAA Security Rule https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html after leaving ibm, did some amount of work with financial industry, including rep on standards committees ... as part of bei

Re: mainframe hacking "success stories"?

a > HIPPA violation waiting to happen. Which in the US, carries potentially > severe consequences. > > Date:    Fri, 21 Jun 2019 13:33:39 +0300 > From:    ITschak Mugzach > Subject: Re: mainframe hacking "success stories"? > > Radoslav, > > Many clients I visit

Re: mainframe hacking "success stories"?

019 13:33:39 +0300 > From:    ITschak Mugzach > Subject: Re: mainframe hacking "success stories"? > > Radoslav, > > Many clients I visited allows local admin authority on windows workstation > to the machine user for ease of management. However, we get clients monthl

Re: mainframe hacking "success stories"?

articularly medical related companies such as hospitals. That's a > HIPPA violation waiting to happen. Which in the US, carries potentially > severe consequences. > > Date:Fri, 21 Jun 2019 13:33:39 +0300 > From:ITschak Mugzach > Subject: Re: mainframe hacking "s

Re: mainframe hacking "success stories"?

No matter how correctly a site does their work, there's always a chance of an issue. So how we handle a breach should also be looked at. For example, how can data be held hostage? You just treat the failure as if your production disks all died at once, restore from your latest offline backup

Re: mainframe hacking "success stories"?

lly > severe consequences. > > Date:Fri, 21 Jun 2019 13:33:39 +0300 > From:ITschak Mugzach > Subject: Re: mainframe hacking "success stories"? > > Radoslav, > > Many clients I visited allows local admin authority on windows workstation > to the machine

Re: mainframe hacking "success stories"?

ly medical related companies such as hospitals. That's a HIPPA violation waiting to happen. Which in the US, carries potentially severe consequences. Date:    Fri, 21 Jun 2019 13:33:39 +0300 From:    ITschak Mugzach Subject: Re: mainframe hacking "success stories"? Radoslav, Many

mainframe hacking "success stories"?

entially severe consequences. Date:Fri, 21 Jun 2019 13:33:39 +0300 From:ITschak Mugzach Subject: Re: mainframe hacking "success stories"? Radoslav, Many clients I visited allows local admin authority on windows workstation to the machine user for ease of management. However, we ge

Re: mainframe hacking "success stories"?

t; Because you don't come to SHARE? Specifically, Chad Rikansrud's security > keynote in March of 2017. > > > > Charles > > > > > > -Original Message- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of R.S

Re: mainframe hacking "success stories"?

Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: Monday, June 17, 2019 1:53 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Did they use z/OS? Or maybe Linux on PC? Not? Windows? What a

Re: mainframe hacking "success stories"?

014ab5cdfb21-dmarc-requ...@listserv.ua.edu (Mike Wawiorko) writes: > Remember back in 1980 there was no sysplex. Each machine was a > stand-alone system with a single operating system - if we ignore VM > guests. > > There was a proliferation of 4341s, 4361s(?), 4381s and even a bit > later 9370

Re: mainframe hacking "success stories"?

and possibly others. Also remember non-IBM mainframes. Boroughs comes to mind but there were others. Mike Wawiorko   -Original Message- From: IBM Mainframe Discussion List On Behalf Of Bill Johnson Sent: 18 June 2019 05:00 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking

Re: mainframe hacking "success stories"?

frames? > > Charles > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Bill Johnson > Sent: Monday, June 17, 2019 2:08 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: mainframe hacking "success

Re: mainframe hacking "success stories"?

Johnson Sent: Monday, June 17, 2019 2:08 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? IBM z was more secure even when there were 1000 times more of them and a million times less MSFT platforms. Target was down again over the weekend. How many fools will

Re: mainframe hacking "success stories"?

9 2:08 PM >To: IBM-MAIN@LISTSERV.UA.EDU >Subject: Re: mainframe hacking "success stories"? > >IBM z was more secure even when there were 1000 times more of them and a >million times less MSFT platforms. Target was down again over the weekend. How >many fools will blame t

Re: mainframe hacking "success stories"?

.UA.EDU] On > Behalf Of Bill Johnson > Sent: Monday, June 17, 2019 2:08 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: mainframe hacking "success stories"? > > IBM z was more secure even when there were 1000 times more of them and a > million times less MSFT platfor

Re: mainframe hacking "success stories"?

ERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Did they use z/OS? Or maybe Linux on PC? Not? Windows? What a surprise! BTW: I have heard many times about filese encrypted by ransomware. Why it's always Windows? Why the only file encryption on z/OS I ever heard is t

Re: mainframe hacking "success stories"?

Were there once 4 million mainframes? Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bill Johnson Sent: Monday, June 17, 2019 2:08 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"?

Re: mainframe hacking "success stories"?

IBM z was more secure even when there were 1000 times more of them and a million times less MSFT platforms. Target was down again over the weekend. How many fools will blame the mainframe again? When it was their point of sale system again. Sent from Yahoo Mail for iPhone On Monday, June 17,

Re: mainframe hacking "success stories"?

Did they use z/OS? Or maybe Linux on PC? Not? Windows? What a surprise! BTW: I have heard many times about filese encrypted by ransomware. Why it's always Windows? Why the only file encryption on z/OS I ever heard is the encryption directed by administrator? Why? -- Radoslaw Skorupka Lodz, Po

Re: mainframe hacking "success stories"?

W dniu 2019-05-13 o 02:42, Phil Smith III pisze: Bill Johnson posted a couple more links to mainframe blog posts from a mainframe vendor-more asking the barber if you need a shave; but even ignoring that, you don't appear to have actually read the articles, Bill. The first one

Re: mainframe hacking "success stories"?

Yep. Just updated my Win 10 machines. So bad they issued patches for Win XP and up, out of support for several years. On Wed, May 15, 2019 at 12:14 PM Bill Johnson <0047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > > Microsoft (MSFT) is warning users about a monster computer bug. The comp

Re: mainframe hacking "success stories"?

Dang those pesky servers https://www.usnews.com/news/national-news/articles/2019-05-07/baltimore-targeted-by-ransomware-attack-city-shuts-down-most-of-its-servers In a message dated 5/15/2019 12:14:19 PM Central Standard Time, 0047540adefe-dmarc-requ...@listserv.ua.edu writes: Microsoft (MSFT

Re: mainframe hacking "success stories"?

Microsoft (MSFT) is warning users about a monster computer bug. The company says it has fixed the flaw but says it's “highly likely” that it will end up being used by malicious software. The flaw mainly affects older systems such as Windows 7 and Windows 2003.

Re: mainframe hacking "success stories"?

W dniu 2019-05-07 o 23:46, Bob Bridges pisze: Yeah, about that: What ~is~ a "controled program"? I noticed that qualification, but my background is apps development and I'm woefully ignorant in spots. A controlled program is the program defined to RACF in PROGRAM class. It can be CL(PROGRAM)

Re: mainframe hacking "success stories"?

+ 1 בתאריך יום ג׳, 14 במאי 2019, 21:29, מאת Alan Altmark ‏< alan_altm...@us.ibm.com>: > Reading all of these posts has brought out the salient points of IT > security: > > 1. All the technology in the world won't help you if you don't use it. > > 2. Stupid people can outwit a capable machine (SET

Re: mainframe hacking "success stories"?

+1CharlesSent from a mobile; please excuse the brevity. Original message From: Alan Altmark Date: 5/14/19 11:28 AM (GMT-08:00) To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Reading all of these posts has brought out the salient po

Re: mainframe hacking "success stories"?

sme...@gmu.edu (Seymour J Metz) writes: > On the S/360 the Alternate CPU Recovery facility was limited to 65MP > (I don't know about 9020 or TSS/360.) On MVS it was a standard > facility, although on an AP or MP without Channel Set Switching losing > the processor with the I/O channels was fatal. W

Re: mainframe hacking "success stories"?

Reading all of these posts has brought out the salient points of IT security: 1. All the technology in the world won't help you if you don't use it. 2. Stupid people can outwit a capable machine (SET SECURITY OFF). 3. Z security builds on its long history and culture of talented people, effecti

Re: mainframe hacking "success stories"?

On Tue, 14 May 2019 09:35:42 -0600, Grant Taylor wrote: >On 5/14/19 7:08 AM, Tom Marchant wrote: >> Mildly? > >Yes, "mildly" is the word that I wanted to use. I explained why I chose it. > >> You can leave out the parenthetical "significantly". z machines can >> take a hard failure of a CP and a

Re: mainframe hacking "success stories"?

: mainframe hacking "success stories"? On 5/13/19 9:25 AM, Seymour J Metz wrote: > SPARC? I was shocked when I found out that the failure of a sing > processor could bring Solaris down. It really depends on the machine. Some machines are meant to allow processors to fail, be repl

Re: mainframe hacking "success stories"?

On 5/14/19 7:08 AM, Tom Marchant wrote: Mildly? Yes, "mildly" is the word that I wanted to use. I explained why I chose it. You can leave out the parenthetical "significantly". z machines can take a hard failure of a CP and a spare is switched in dynamically to take over the work. The unit

Re: mainframe hacking "success stories"?

On Mon, 13 May 2019 21:17:32 -0600, Grant Taylor wrote: >On 5/13/19 9:46 AM, John McKown wrote: >> Yes, we have had a TCM fail. I was almost called a liar when I told the >> Windows people that the z simply switch the work transparently (on the >> hardware level) to another CP. They were shocked a

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

, 7 May 2019 09:26:58 -0300 From:Clark Morris Subject: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"? [Default] On 6 May 2019 20:10:27 -0700, in bit.listserv.ibm-main 0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) w

Re: mainframe hacking "success stories"?

On 5/13/19 9:46 AM, John McKown wrote: Yes, we have had a TCM fail. I was almost called a liar when I told the Windows people that the z simply switch the work transparently (on the hardware level) to another CP. They were shocked and amazed that we could "hot swap" a new TCM into the box witho

Re: mainframe hacking "success stories"?

On 5/13/19 9:25 AM, Seymour J Metz wrote: SPARC? I was shocked when I found out that the failure of a sing processor could bring Solaris down. It really depends on the machine. Some machines are meant to allow processors to fail, be replaced, be added, and brought online while the workload co

Re: mainframe hacking "success stories"?

john.archie.mck...@gmail.com (John McKown) writes: > Yes, we have had a TCM fail. I was almost called a liar when I told the > Windows people that the z simply switch the work transparently (on the > hardware level) to another CP. They were shocked and amazed that we could > "hot swap" a new TCM in

Re: mainframe hacking "success stories"?

MAIN@LISTSERV.UA.EDU Date: 13/05/2019 16:47 Subject:Re: mainframe hacking "success stories"? Sent by:IBM Mainframe Discussion List On Mon, May 13, 2019 at 10:41 AM Seymour J Metz wrote: > c 'sing' 'single' > > It may happen with m$ but it doesn

Re: mainframe hacking "success stories"?

And? -- Radoslaw Skorupka Lodz, Poland W dniu 2019-05-10 o 20:05, Bill Johnson pisze: https://www.share.org/blog/mainframe-matters-how-mainframes-keep-the-financial-industry-up-and-running Sent from Yahoo Mail for iPhone On Friday, May 10, 2019, 2:00 PM, R.S. wrote: W dniu 2019-05-10 o

Re: mainframe hacking "success stories"?

On Mon, May 13, 2019 at 10:41 AM Seymour J Metz wrote: > c 'sing' 'single' > > It may happen with m$ but it doesn't happen with z/OS and I suspect that > it doesn't happen with Linux (anyone here know what RAS Linux has?) > Yes, we have had a TCM fail. I was almost called a liar when I told the

Re: mainframe hacking "success stories"?

IBM Mainframe Discussion List on behalf of John McKown Sent: Monday, May 13, 2019 11:37 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? On Mon, May 13, 2019 at 10:26 AM Seymour J Metz wrote: > SPARC? I was shocked when I found out that the failur

Re: mainframe hacking "success stories"?

ntel / Windows (or Linux)? > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > > From: IBM Mainframe Discussion List on behalf > of Phil Smith III > Sent: Sunday, May 12, 2019 2:25 PM > To: IBM-MAIN@LISTSERV

Re: mainframe hacking "success stories"?

metz3 From: IBM Mainframe Discussion List on behalf of ITschak Mugzach Sent: Sunday, May 12, 2019 12:26 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Security only mentioned twice in the article, mainly in access co

Re: mainframe hacking "success stories"?

:25 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? Charles Mills wrote, in part: >The mainframe seems to me to have also some "architectural" advantages. It >seems to support a denser "clustering." It does not seem to me tha

Re: mainframe hacking "success stories"?

Mike Schwab wrote: >Of course the ASCII (UTF-8) <=> EBCDIC uses cycles >and causes setup headaches that the rest of the world seems to have >solved with UTF-8. Um, huh? Db2 Version 5 (generally available in June, 1997) introduced formal ASCII support (CCSID ASCII clause). Db2 has formally support

Re: mainframe hacking "success stories"?

Let’s ask Microsoft about mainframe security. They probably know more. It’s really pretty simple. If it was easy to hack the mainframe, why isn’t it being hacked? That’s where the real money is. That’s where trillions of dollars are transferred daily. Now I remember why I lurked. Too many expert

Re: mainframe hacking "success stories"?

I forgot, the mainframe experts can’t be trusted. Sent from Yahoo Mail for iPhone On Sunday, May 12, 2019, 8:42 PM, Phil Smith III wrote: Bill Johnson posted a couple more links to mainframe blog posts from a mainframe vendor-more asking the barber if you need a shave; but even ignoring tha

Re: mainframe hacking "success stories"?

Bill Johnson posted a couple more links to mainframe blog posts from a mainframe vendor-more asking the barber if you need a shave; but even ignoring that, you don't appear to have actually read the articles, Bill. The first one

Re: mainframe hacking "success stories"?

li...@akphs.com (Phil Smith III) writes: > https://en.wikipedia.org/wiki/Xeon_Phi > > Up to 72 cores per chip, so up to 144 threads per socket. On an > eight-socket motherboard, that's, um, a lot. they announced they are discontinue Phi https://www.extremetech.com/extreme/290963-intel-quietly-kill

Re: mainframe hacking "success stories"?

More asserting. https://blog.syncsort.com/2018/09/mainframe/mainframes-secure-even-more-secure/  Sent from Yahoo Mail for iPhone On Sunday, May 12, 2019, 2:26 PM, Phil Smith III wrote: Charles Mills wrote, in part: >The mainframe seems to me to have also some "architectural" advantages. It

Re: mainframe hacking "success stories"?

Asserting with evidence. https://blog.syncsort.com/2018/06/mainframe/9-mainframe-statistics/  Sent from Yahoo Mail for iPhone On Sunday, May 12, 2019, 2:26 PM, Phil Smith III wrote: Charles Mills wrote, in part: >The mainframe seems to me to have also some "architectural" advantages. It >see

Re: mainframe hacking "success stories"?

0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) writes: > Until the mid-1990s, mainframes provided the only acceptable meansof > handling the data processing requirements of a large business. These > requirementswere then (and are often now) based on running large and > complex progra

Re: mainframe hacking "success stories"?

Charles Mills wrote, in part: >The mainframe seems to me to have also some "architectural" advantages. It >seems to support a denser "clustering." It does not seem to me that there is >anything in the Windows/Linux world that duplicates the advantages of 100 or >so very-closely-coupled (sharing

Re: mainframe hacking "success stories"?

0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) writes: > Right, my articles are flawed. Yet, real mainframe hacks can be > counted on one hand. And many of those are hypothetical or were > achieved via someone hacking a laptop (MSFT) or acquiring a valid > userid because of someone’s

Re: mainframe hacking "success stories"?

I also have a minor in law enforcement. I was going to be an FBI agent at one time. There is no perfect security. But, there are varying degrees of security. The security at my bank is better than at my house. Mainframe security is better than other platforms. It’s a major selling point. Sent

Re: mainframe hacking "success stories"?

Security only mentioned twice in the article, mainly in access control. None was related to the OS as a secure platform. I agree it has the potential, but the actual grade in many sites I tested are poor. it returns me to the fact that security is something cultural and depend on your role. if you

Re: mainframe hacking "success stories"?

Cleveland acknowledges for first time Hopkins airport hack involved ransomware Updated Apr 29, 2019; Posted Apr 29, 2019 City officials say 95 percent of the flight and baggage screens are operational. 0 shares By Mark Naymik, cleveland.com CLEVELAND, Ohio – All of last we

Re: mainframe hacking "success stories"?

Can you provide evidence that says non mainframe platforms are as secure or more secure than the mainframe? I'll wait in Cleveland as the airport is being held hostage to an attack and ransom to return its system files back. Cleveland acknowledges for first time Hopkins airport hack involved ran

Re: mainframe hacking "success stories"?

I generally agree with the assertion below that the value in the mainframe is the investment in intellectual property by businesses to develop their core logic that supports their business goals. The mainframe has had, and continues to support, superior technology that quite honestly has been r

Re: mainframe hacking "success stories"?

I also worked at a major bank 15 years ago and I can assure you security was the major reason we stayed on the MF. On Saturday, May 11, 2019, 7:54:17 PM EDT, Phil Smith III wrote: You know, I'm as big a fan of the mainframe as anyone. I've used mainframes for at least 45 of my 58 ye

Re: mainframe hacking "success stories"?

Heck with the link.   Mainframe concepts | Previous topic |Next topic |Contents |Glossary |Contact z/OS |PDF Who uses mainframes and why do they do it? Mainframe concepts | | | | So, who uses mainframes? Just about everyone has used amainframe computer at one point or another. If you eve

Re: mainframe hacking "success stories"?

No link there. On Sun, May 12, 2019 at 11:21 AM Bill Johnson < 0047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > Maybe this link will be more likeable? > IBM Knowledge Center > > > > | > | > | | > IBM Knowledge Center > > -

Re: mainframe hacking "success stories"?

Fixing the link and proving I’m a mainframer at the same time. https://www.ibm.com/support/knowledgecenter/zosbasics/com.ibm.zos.zmainframe/zconc_whousesmf.htm   Sent from Yahoo Mail for iPhone On Saturday, May 11, 2019, 7:54 PM, Phil Smith III wrote: You know, I'm as big a fan of the mainfra

Re: mainframe hacking "success stories"?

Maybe this link will be more likeable? IBM Knowledge Center | | | | IBM Knowledge Center | | | On Saturday, May 11, 2019, 7:54:17 PM EDT, Phil Smith III wrote: You know, I'm as big a fan of the mainframe as anyone. I've used mainframes for at least 45 of my 58 years o

Re: mainframe hacking "success stories"?

I’m a huge fan of the mainframe. And security is not the ONLY reason for staying on it. But is a major reason large companies do. Sent from Yahoo Mail for iPhone On Saturday, May 11, 2019, 7:54 PM, Phil Smith III wrote: You know, I'm as big a fan of the mainframe as anyone. I've used mainfra

Re: mainframe hacking "success stories"?

Right, my articles are flawed. Yet, real mainframe hacks can be counted on one hand. And many of those are hypothetical or were achieved via someone hacking a laptop (MSFT) or acquiring a valid userid because of someone’s stupidity. If hackers wanted to go where the money is, and banks would be

Re: mainframe hacking "success stories"?

charl...@mcn.org (Charles Mills) writes: > The mainframe seems to me to have also some "architectural" > advantages. It seems to support a denser "clustering." It does not > seem to me that there is anything in the Windows/Linux world that > duplicates the advantages of 100 or so very-closely-coupl

Re: mainframe hacking "success stories"?

The big thing is the Business oriented compilers / instructions with accuracies to the penny. Lots of compilers don't have lots of fix point numbers with large numbers of digits. Sometimes it takes 2-3X as long as expected due to having to get the math instructions just right. Plus the open syst

Re: mainframe hacking "success stories"?

On 5/11/19 8:14 PM, Charles Mills wrote: The mainframe seems to me to have also some "architectural" advantages. It's my understanding that the mainframe has security related features in the hardware that some other architectures lack. It seems to support a denser "clustering." Please ela

Re: mainframe hacking "success stories"?

is inherently better at. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Phil Smith III Sent: Saturday, May 11, 2019 4:54 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? You

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

: mainframe hacking "success stories"? On 11/05/2019 12:34 am, Dana Mitchell wrote: > > Doesn't the KDFAES password encryption algorithm make it *much* more > difficult to crack passwords, given access to the RACF database? I realize > nothing is impossible to crack..

Re: mainframe hacking "success stories"?

You know, I'm as big a fan of the mainframe as anyone. I've used mainframes for at least 45 of my 58 years on this planet, have made my living off them for almost 40 of those, and continue to do so. But the articles Bill Johnson is citing as proof that the mainframe is so superior to other p

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

On 11/05/2019 12:34 am, Dana Mitchell wrote: Doesn't the KDFAES password encryption algorithm make it *much* more difficult to crack passwords, given access to the RACF database? I realize nothing is impossible to crack.. but at least not currently feasible with current available hardware.

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

chanisms be used to steal RACF database? was Re: > mainframe hacking "success stories"? > > I found many security and system programmers assuming that in order to > manage security, one need access to the security database.I many > assessments I was able to copy the file w

Re: mainframe hacking "success stories"?

l...@garlic.com (Anne & Lynn Wheeler) writes: > Later two of the Oracle people in the Ellison meeting have left and are > at a small client/server startup responsible for something called > "commerce server" and we are brought in as consultants because they want > to do payment transactions on the

Re: mainframe hacking "success stories"?

Radoslav, I agree that people are the problem not the systems, but remember that systems are developed by humans. both, developers & sysprogs do mistakes. sorry to report that they (mistakes) are quit common. and for the product, it is VERY common. It speedup data retrieval form racf by reading t

Re: mainframe hacking "success stories"?

https://www.share.org/blog/mainframe-matters-how-mainframes-keep-the-financial-industry-up-and-running   Sent from Yahoo Mail for iPhone On Friday, May 10, 2019, 2:00 PM, R.S. wrote: W dniu 2019-05-10 o 19:50, Bill Johnson pisze: > https://www.allerin.com/blog/why-do-banks-still-use-mainframe

Re: mainframe hacking "success stories"?

Yep - that's what I was told. Of course it may have been just LzLabs' hope, or just talk. On 5/10/2019 10:53 AM, R.S. wrote: W dniu 2019-05-10 o 19:48, Tom Brennan pisze: And while I haven't heard any news about LzLabs (z/OS simulation on Linux) in the past couple of years, I was once told th

Re: mainframe hacking "success stories"?

W dniu 2019-05-10 o 19:48, Tom Brennan pisze: And while I haven't heard any news about LzLabs (z/OS simulation on Linux) in the past couple of years, I was once told their initial customers were going to be large European banks.  If so, those banks didn't really care what platform they were run

Re: mainframe hacking "success stories"?

W dniu 2019-05-10 o 19:50, Bill Johnson pisze: https://www.allerin.com/blog/why-do-banks-still-use-mainframes https://www.networkworld.com/article/3148714/why-banks-love-mainframes.html https://www.americanbanker.com/news/why-citi-is-buying-ibms-new-mainframe-for-mobile-transactions There are m

Re: mainframe hacking "success stories"?

W dniu 2019-05-07 o 21:33, ITschak Mugzach pisze: There are ways to collect IDs that might be used to penetrate the mainframe: - users defined to UADS but not to RACF. I properly managed system UADS-only  user cannot even succesfully logon. However it is not a problem since in properly conf

Re: mainframe hacking "success stories"?

https://www.allerin.com/blog/why-do-banks-still-use-mainframes  https://www.networkworld.com/article/3148714/why-banks-love-mainframes.html  https://www.americanbanker.com/news/why-citi-is-buying-ibms-new-mainframe-for-mobile-transactions   Sent from Yahoo Mail for iPhone On Friday, May 10, 2

Re: mainframe hacking "success stories"?

And while I haven't heard any news about LzLabs (z/OS simulation on Linux) in the past couple of years, I was once told their initial customers were going to be large European banks. If so, those banks didn't really care what platform they were running on, they just wanted their existing code

Re: mainframe hacking "success stories"?

W dniu 2019-05-07 o 19:48, Seymour J Metz pisze: 1964? What is the 7090, chopped liver? It is the same as FP6000 or ENIAC or any other dino computer. -- Radoslaw Skorupka Lodz, Poland == Jeśli nie jesteś adresatem tej wi

Re: mainframe hacking "success stories"?

W dniu 2019-05-07 o 15:11, ITschak Mugzach pisze: Funny credit card story. Here in Israel, a company had all cc on an encrypted hd. The person used the desktop took the hd home, booted from the hd and copied all data. Then, from Thailand, he tried to blackmail his employee. What value encryption

Re: mainframe hacking "success stories"?

No it isn’t and I provided 2 links to articles proving it. It’s security. Sent from Yahoo Mail for iPhone On Friday, May 10, 2019, 1:35 PM, R.S. wrote: W dniu 2019-05-06 o 22:18, Bill Johnson pisze: > It’s why banks stay on the mainframe. Security. No, it is legacy. -- Radoslaw Skorupka Lo

Re: mainframe hacking "success stories"?

W dniu 2019-05-06 o 22:22, ITschak Mugzach pisze: No. It has nothing to do with security. It is a lagend. Penetrated all my clients. The reason is convertion complexity, tco and simplicity. Security, in a nut shell is what your sysprog does. Only few security guys left to guide them. It's not a

Re: mainframe hacking "success stories"?

W dniu 2019-05-06 o 22:18, Bill Johnson pisze: It’s why banks stay on the mainframe. Security. No, it is legacy. -- Radoslaw Skorupka Lodz, Poland == Jeśli nie jesteś adresatem tej wiadomości: - powiadom nas o tym w mail

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"? I found many security and system programmers assuming that in order to manage security, one need access to the security database.I many assessments I was able to copy the file with no

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

That's true password cracking can be complex. However, if you have a copy of the database you can find who are the users that have admin authority and concentrate cracking their passwords. ITschak בתאריך יום ו׳, 10 במאי 2019, 17:49, מאת Mark Jacobs ‏< 0224d287a4b1-dmarc-requ...@listserv.ua.

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

Yes; The KDFAES algorithm is used to encrypt passwords and password phrases, but not OIDCARD data. It is designed to be resistant to offline attacks by incorporating the following properties: Each instance of a RACF® password injects randomly generated text into the encryption process. This pr

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

On Fri, 10 May 2019 00:24:18 -0400, Bob Bridges wrote: >The lesson I take from this, and pass on to >my clients, is that read access to the security database is a huge exposure >and in most cases - that is, for most user IDs - completely unnecessary. > Doesn't the KDFAES password encryption algo

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

: mainframe hacking "success stories"? No, ~I~ quoted "there are solid indications" etc. Mr Mills asserts that they did not, which is contrary to my own reading but at this remove perhaps it doesn't matter. Whatever actually happened at Logica, the important point is that

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

ion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Clark Morris > Sent: Tuesday, May 7, 2019 5:27 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Can backup mechanisms be used to steal RACF database? was Re: > mainframe hacking "success stories"? > > [Default] On 6 May

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

No, ~I~ quoted "there are solid indications" etc. Mr Mills asserts that they did not, which is contrary to my own reading but at this remove perhaps it doesn't matter. Whatever actually happened at Logica, the important point is that with read access a hacker would be able to do so, a situation m

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

mour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Charles Mills Sent: Thursday, May 9, 2019 2:35 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hackin

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"? What causes IBM integrity (code-based) APARs to be generated? Surely not all of them are found internally. The thing is, with the way integrity

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

es > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Bill Johnson > Sent: Thursday, May 9, 2019 10:32 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Can backup mechanisms be used to steal RACF database? was Re: &

  1   2   3   >