I only wanted to know why dynalloc is no longer considered an exposure. When
these people did the risk analysis for dynalloc on MVS, what made them decide
why it's not an exposure and does not need to be a controlled resource?
Thanks, Jon.
On Saturday, December 23, 2017 8:40 AM, Ed Jaffe
<[email protected]> wrote:
On 12/23/2017 8:18 AM, Jon Perryman wrote:
> People are clever and will find ways to abuse things if they are motivated.
> Dynalloc can easily be exploited. It's not exploited because no one has been
> motivated to exploit it.
Security risks are big news in this century and there have been some
*outstanding* mainframe security-related presentations at SHARE, GSE/UK,
DefCon, DerbyCon, and elsewhere by "White Hats" like Phil Young
("Soldier of Fortran"), Chad Rikansrud ("Big Endian Smalls" -- Best
Session Award winner at SHARE), Mark Wilson of RSM Partners (also a Best
Session Award winner), Brian Marshall from Vanguard, and others. These
guys hack mainframes for a living! You can read their blogs and
interviews, download their presentations, and even watch them on video
in some cases. Just Google their names if you want to know more...
AFAICT, none of these experts caution against the use of DYNALLOC. It's
simply not seen as a risk to the platform.
--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
http://www.phoenixsoftware.com/
