Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

Tue, 08 Jun 2010 23:53:57 -0700 

Rick Fochtman pisze:

-------------------------------------<snip>------------------------------
It would be nice if someone actually documented a hole, instead of all the urban legends we hear. Outside the magic SVC, or a trusted person planting malware in an APF library, I don't know of any "holes". Please share. 
-------------------------------------<unsnip>----------------------------
Documenting a "hole" could be a seriously bad idea, since it might give a potential troublemaker exactly the opening he's looking for. 


Documenting a hole is very good idea. If you don't do it, hackers will 
do it. What's better - to have a hole and don't know about it or to have 
hole and be aware of that?

I choose he second option, definitely.

Last but not least: documented hole can be went around, avoided. Of 
course, usually documenting hole is first step to fix it.



Example: BPX.DAEMON resource in FACILITY class. It can be understood as 
a fix for the hole existing in original Unix standard. It is quite well 
documented - that's why I know what is the purpose of the profile and 
what is the risk if I don't have the profile. It can reside on "what you 
have to protect" security checklist.


Regards
--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl


Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 0000025237

NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci 
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec 
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym 
BRE Banku SA bd w caoci opacone.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html























					Reply via email to