Yes, I remember this article. I also read that in Polish. :-)
And at the time whole police report was leaked. 200+ pages.
It was definitely impossible without intercepted password and many
configuration mistakes.
HTTP vulnerability was also there, but it was not the way to hack in.
https://zaufanatrzeciastrona.pl/historia-pewnego-wlamania/ (still in
Polish, inside links to several articles)
--
Radoslaw Skorupka
Lodz, Poland
W dniu 08.10.2021 o 16:54, Bob Bridges pisze:
The way I read in the long Polish article about the Logica hack, when I
researched it back in 2013, is that there was speculation about USS and about
an HTTP flaw, but the forensics folks in the end thought they probably got hold
of a password in the good old-fashioned way and went from there. They did
indeed find and exploit USS configuration goofs. And the HTTP flaw is real
(https://nvd.nist.gov/vuln/detail/CVE-2012-5955), but Logica's post-hack report
doesn't mention it; so they, at least, didn't think it figured into the
original break-in or in the culprits' activities afterward.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* I've never hated a man enough to give him his diamonds back. -Zsa-Zsa Gabor
*/
-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of
Charles Mills
Sent: Thursday, October 7, 2021 18:49
Assuming you don't count Logica. ("Oh, that wasn't a real mainframe hack, they came
in through USS.")
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bill Johnson
Sent: Thursday, October 7, 2021 3:21 PM
You’d have to be a poorly run shop to permit any of those to occur. Maybe
that’s why mainframe hacks have actually never happened....
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
