- I am aware of integrity exposures (violations of the IBM statement of
integrity) on the latest release(s) of z/OS, in fact, the software I use
has found many on the latest releases of z/OS and ISV products.
- Exploits based upon these integrity exposures would be successful
(i.e. - access allowed, no audit trail of activity)
- This would require access to z/OS (inside attack), and would take some
sophistication to develop an exploit, but the use of the exploit would
not take any sophisticated knowledge. In one case, for a vulnerability
my software found in an ISV product, I was able to develop an 11 line
REXX Exec that could be executed from TSO and give the user RACF
Privileged access. That is access to any dataset on the system with no
security system SMF records being generated.
- The fact that this exploit would require "insider" status is not
something that should be dismissed because a 2008 Strategic Counsel
survey, commissioned by CA, found that the percentage of internal
attacks is increasing -- from 15% of all breaches in 2003, to 42% in
2006, to 44% in 2008. And in a 2010 PacketMotion Survey of US Government
Agency Representatives, 59% felt that employees were the biggest threat!
- The fact that the "successful hacks" were not publicized does not
surprise me. My experience is that "successful hack" information is
closely guarded and not disclosed. Organizations do not want it known
that they have been successfully attacked.
- I have a lot more information on my website: www.vatsecurity.com
<http://www.vatsecurity.com> and information on the software I have
developed, the Vulnerability Analysis Tool, which does a vulnerability
scan on z/OS systems and finds many, many z/OS and ISV system integrity
vulnerabilities.
Ray Overby
Key Resources, Inc.
Ray.Overby.kr-inc.com
On 10/13/2010 09:26 AM, Greg Shirey wrote:
I liked this article, and it's fairly recent. (Jan 2010)
http://www.mainframezone.com/it-management/mainframe-hacking-fact-or-fiction/P1
Greg
Joe Mc wrote:
I'm getting into a rather heated argument with a non mainframe
colleague
about whether the mainframe has been hacked or not. Legitimate hacking,
not a disgruntled employee doing something illegal and not loss of tapes
or other media. I'm talking the mainframe platform. Thoughts?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
