My first reaction would be to go back to their web site and try to find
a security individual or IT director level person and try to tell them
about the hole.  I know I wouldn't want that hole in MY state's system
(or my company's)!   If it was there, I'd want to know about it.

Rex

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Jim Harrison
Sent: Friday, September 21, 2007 3:28 PM
To: [email protected]
Subject: Open 3270 connection on the net??

I was Googling for some MQ information this afternoon and happened upon
a state IT website.  Since it was a state I've often thought of moving
to, I began browsing further to look at job postings and tried to find
out where they were physically located.  Somehow I came upon a link for
HOD and of course I had to click on it.  Guess what?  The software loads
and I have the magic button sitting in front of me - and of course, I had
to click it.  Lo and behold, I got the VTAM logon screen for their z/OS
system!  My question is, is this common?  I can see doing it via a VPN,
but open to the public?  Granted, guessing their applids, userIDs &
passwords would be quite difficult, but I am not a professional hacker,
so I don't know for sure how big an exposure it is.  I know our
security people would freak if we had an open connect point.  BTW, I
closed the window, backed out immediately and didn't even try looking
further.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search
the archives at http://bama.ua.edu/archives/ibm-main.html
