Re: z/OS SYSLOG - why not let everybody read?

Tue, 18 Sep 2012 07:04:17 -0700 

I've never seen such an ICH408I message. In our shop, z/OS 1.12, I do see:

ICH408I USER(USH360  ) GROUP(USHG    ) NAME(MELANIE A RUST      ) 419
  LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL D08VDTW3

So I guess this could be used by a person to correlate names and userids in 
order to do a "Denial Of Service" attack on an "enemy" by attempting to logon 
to the system with an invalid password. Or even, perhaps, to try to get names 
in order to do a "social engineering" type attack.

-- 
John McKown
Systems Engineer IV
IT

Administrative Services Group

HealthMarkets®

9151 Boulevard 26 . N. Richland Hills . TX 76010
(817) 255-3225 phone .
[email protected] . www.HealthMarkets.com

Confidentiality Notice: This e-mail message may contain confidential or 
proprietary information. If you are not the intended recipient, please contact 
the sender by reply e-mail and destroy all copies of the original message. 
HealthMarkets® is the brand name for products underwritten and issued by the 
insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance 
Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA 
Life and Health Insurance Company.SM


> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]]
> On Behalf Of R.S.
> Sent: Tuesday, September 18, 2012 8:57 AM
> To: [email protected]
> Subject: Re: z/OS SYSLOG - why not let everybody read?
> 
> W dniu 2012-09-18 15:30, McKown, John pisze:
> > Well, that's the general question. Is there any reason why the
> > "average joe", regardless of job function, should *NOT* have the
> > ability to look at SYSLOG? Does anybody put "sensitive" data out to
> > it?
> 
> Security by obscurity?
> 
> 
> 
> BTW: ICH408I may contain sensitive data, user passwords in clear text.
> 
> How-to:
> User JSMITH pass ABCD1234
> Logon APPLID=CICS1
> userID: ABCD1234
> pass: *****
> 
> ;-)
> 
> 
> --
> Radoslaw Skorupka
> Lodz, Poland
> 
> 
> 
> 
> 
> 
> --
> Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku
> przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by
> jedynie jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie
> jeste adresatem niniejszej wiadomoci lub pracownikiem upowanionym do
> jej przekazania adresatowi, informujemy, e jej rozpowszechnianie,
> kopiowanie, rozprowadzanie lub inne dziaanie o podobnym charakterze
> jest prawnie zabronione i moe by karalne. Jeeli otrzymae t
> wiadomo omykowo, prosimy niezwocznie zawiadomi nadawc wysyajc
> odpowied oraz trwale usun t wiadomo wczajc w to wszelkie jej
> kopie wydrukowane lub zapisane na dysku.
> 
> This e-mail may contain legally privileged information of the Bank and
> is intended solely for business use of the addressee. This e-mail may
> only be received by the addressee and may not be disclosed to any third
> parties. If you are not the intended addressee of this e-mail or the
> employee authorised to forward it to the addressee, be advised that any
> dissemination, copying, distribution or any other similar activity is
> legally prohibited and may be punishable. If you received this e-mail
> by mistake please advise the sender immediately by using the reply
> facility in your e-mail software and delete permanently this e-mail
> including any copies of it either printed or saved to hard drive.
> 
> BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 (22) 829 00
> 00, fax +48 (22) 829 00 33, www.brebank.pl, e-mail: [email protected]
> Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego
> Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP:
> 526-021-50-88.
> Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE Banku SA (w
> caoci wpacony) wynosi 168.410.984 zotych.
> 
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to