On Mon, 20 Jul 2009 14:43:32 -0400, David Cole <[email protected]> wrote:
>... >>>A couple of years ago, there was a thread called "Back doors". I >>>posted something there about the vulnerability of z/OS to hacking. >>>Here's the link: >>>http://alabamamaps.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM- MAIN&P=R63457&X=2F4EDA1D0DDA5823A7-&Y=dbcole% 40colesoft.com >>> >>> >>>(The resulting silence was deafening.) >>... Maybe the result was silence that time but the general topic has been discussed a number of time in a number of venues. I think you were saying that you have the keys to the realm if you are an authorized program and IBM requires authorization for far too many services, so it is far too easy to stick back-door code in a program that "needs" to be authorized. That certainly is a hole in mainframe security, but I don't think of that as a "hacking" issue. (I'm going to assume the "hacking" in the original posting was meant to imply a breaching of MVS security by outsiders where "outsiders" could be either outside the company or outside the group of legitimate users - a meaning real hackers would find very offensive.) Writing a back door is "an inside job". It could be an interesting hack, but I don't think that's what the OP meant. MVS security (when used) does a good job of keeping outsiders out, but no system on any operating system is safe from those that are given the authority to bypass the security. Pat O'Keefe I think "hacking" around or through MVS security is very rare. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
