I'm not an IBM expert, but...
1. This is a bad procedure, or the procedure was not followed. BTW: I made
it impossible in my shop, since day 0. It was never ever possible to get a
new password on production without the procedure. The procedure was
inconvenient, more time consuming compared to a call, but it wasn't
bypassed. And yes, password resets were thoroughly audited since day 1.
And all shouting managers were told that we would react as quickly as
possible, but still according to the procedure.
2. MFA would make it impossible. MFA is an additional cost, it is
inconvenient, but it works.
3. There is still the possibility of kidnapping one's child and forcing
him to do bad things. ...but this is not the end of the story. Separation
of duties should help here a little. For example, a sysprog or RACF admin
can do anything with z/OS, but usually such a person cannot reconfigure
the corporate firewall or allow strangers to enter the data center.
--
Radoslaw Skorupka
Lodz, Poland
On 08.10.2021 at 02:44, Tom Brennan wrote:
(Sorry, another repeat here) I once test-called the company Help Desk
and with no other information but the fact that I called from a
sysprog's desk phone (my own), they gave me not only a password reset,
but also told me my TSO userid because I had "forgotten" it, and then
helped me log on. Sure, a hacker would have to be at my desk, but
that could be accomplished.
IBM Experts: I'm ready for your correction.
On 10/7/2021 5:06 PM, Bill Johnson wrote:
The thing about you list dominators is you think you know it all and
should never be challenged. I love when the IBM experts correct one
of you.
On Thursday, October 7, 2021, 6:01 PM, Charles Mills wrote:
Exactly, and "that was not a real hack" would not get your data back.
Charles
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN