On 8/10/2021 7:50 am, Tom Brennan wrote:
I'll repeat what I always say about this. If I was hacking a
mainframe I wouldn't start with the mainframe, I'd start with the
sysprog or security admin's PC or Mac or email or phone or whatever.
In that case it doesn't matter one bit how well the mainframe is
protected internally.
Exactly! Even sophisticated malware such as Stuxnet infected its
targets using USB thumb drives. It's not some magical network hacking
like we see in those ridiculous movies with the 3D graphics and barking
animated guard dogs.
One of my colleagues was working in the IBM OMVS development team when
the Logica breach occurred. The bottom line is the attacker used a
zero-day attack. Anyone that believes the mainframe is impervious to
zero-day attacks is dangerously naive. The source code is
on GitHub: https://github.com/mainframed/logica. The zero-day exploit was
a REXX exec. There are also shell-injection exploits and all sorts of
ingenious hacks.
It's also unfair to frame z/OS UNIX as the weak link just because of the
Logica breach. I'm lucky enough to work with some very smart and highly
experienced people and have heard very disconcerting stories about
security exposures in vendor code. The magic SVCs have already
been mentioned but I've even heard anecdotes about stealing passwords
from VTAM buffers.
And please stop with the political remarks. This seems to be the one
place on earth I can go without reading about politics. A place where
I can enjoy a 50+ post back-and-forth between Seymour and Gil, for
example, without hearing one word about US politics.
On 10/7/2021 3:21 PM, Bill Johnson wrote:
You’d have to be a poorly run shop to permit any of those to occur.
Maybe that’s why mainframe hacks have actually never
happened.....Biden successfully extracted 124,000 from Afghanistan in
a few weeks. Amazing.
Sent from Yahoo Mail for iPhone
On Thursday, October 7, 2021, 2:12 PM, Charles Mills
<[email protected]> wrote:
And assuming you never make a mistake. Never leave an APF data set
unprotected. Never give the wrong person console authority. Fully
understand APF on UNIX. Never have a Rexx PDS used by privileged
users that is modifiable by others. Have no magic SVCs. Have no
flawed APF code, no APF "tools" available inappropriately.
Charles
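Two of the mistakes listed above, an unprotected APF data set and a REXX library used by privileged users that others can modify, are things a shop can check for itself. The following is an added example, not code from this thread or from IBM: a small Python audit that runs over a constructed, RACF-style snapshot (APF list, the REXX libraries concatenated for privileged users, data set profiles with UACC and access lists, and user-to-group membership) and flags any library that has no covering profile or that someone outside the sysprog group can write to. The data set names, profiles, user IDs and the SYSPROG group are hypothetical, and the generic-profile matching is a simplification of RACF's real rules (`**` matches zero or more qualifiers, `*` matches within one qualifier, `%` matches one character, and the most specific matching profile wins).

```python
"""Audit constructed APF and privileged-REXX libraries against RACF-style
data set profiles.  Example code written for this thread; all names and
profiles below are made up, and the matching rules are a simplification."""
import re
from dataclasses import dataclass

# Ordering of RACF data set access levels, high enough to compare with UPDATE.
ACCESS_RANK = {"NONE": 0, "EXECUTE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}


@dataclass
class Profile:
    name: str   # discrete or generic profile name, e.g. "SYS1.**"
    uacc: str   # universal access
    acl: dict   # access list: user or group id -> access level


def _qualifier_regex(qualifier):
    """Translate one profile qualifier into a regex: % = one char, * = any run."""
    out = ""
    for ch in qualifier:
        if ch == "%":
            out += "."
        elif ch == "*":
            out += "[^.]*"
        else:
            out += re.escape(ch)
    return re.compile(out + r"\Z")


def racf_match(profile_name, dsn):
    """Does a (possibly generic) profile name cover this data set name?"""
    pq, dq = profile_name.split("."), dsn.split(".")

    def rec(i, j):
        if i == len(pq):
            return j == len(dq)
        if pq[i] == "**":                       # zero or more whole qualifiers
            return any(rec(i + 1, k) for k in range(j, len(dq) + 1))
        if j == len(dq):
            return False
        return bool(_qualifier_regex(pq[i]).match(dq[j])) and rec(i + 1, j + 1)

    return rec(0, 0)


def covering_profile(profiles, dsn):
    """Most specific matching profile (fewest wildcards, then longest name)."""
    matches = [p for p in profiles if racf_match(p.name, dsn)]
    if not matches:
        return None
    return min(matches, key=lambda p: (p.name.count("*") + p.name.count("%"), -len(p.name)))


def non_admin_writers(profile, admin_group, users):
    """Ids (or UACC) granting UPDATE or better to anyone outside admin_group."""
    bad = []
    if ACCESS_RANK[profile.uacc] >= ACCESS_RANK["UPDATE"]:
        bad.append(f"UACC={profile.uacc}")
    for ident, level in profile.acl.items():
        if ACCESS_RANK[level] < ACCESS_RANK["UPDATE"]:
            continue
        if ident == admin_group or admin_group in users.get(ident, set()):
            continue
        bad.append(f"{ident}={level}")
    return bad


def audit(apf_list, priv_rexx_libs, profiles, users, admin_group):
    """Return (dsn, reason) findings for libraries that are unprotected or
    writable by someone who is not in the admin group."""
    findings = []
    for dsn in apf_list + priv_rexx_libs:
        kind = "APF" if dsn in apf_list else "privileged REXX"
        prof = covering_profile(profiles, dsn)
        if prof is None:
            findings.append((dsn, f"{kind} library has no covering profile"))
            continue
        bad = non_admin_writers(prof, admin_group, users)
        if bad:
            findings.append((dsn, f"{kind} library writable outside {admin_group} "
                                  f"via profile {prof.name}: {', '.join(bad)}"))
    return findings


# Constructed snapshot (hypothetical names; not from any real system).
ADMIN_GROUP = "SYSPROG"
USERS = {"SYSP01": {"SYSPROG"}, "DEV01": {"DEVGRP"}, "OPER01": {"OPERS"}}
PROFILES = [
    Profile("SYS1.**", "READ", {"SYSPROG": "ALTER"}),
    Profile("PROD.APF.TOOLS", "UPDATE", {"SYSPROG": "ALTER"}),      # UACC too high
    Profile("USER.REXX.**", "READ", {"DEVGRP": "UPDATE", "SYSPROG": "ALTER"}),
]
APF_LIST = ["SYS1.LINKLIB", "PROD.APF.TOOLS", "VENDOR.APF.LOAD"]   # last one uncovered
PRIV_REXX_LIBS = ["USER.REXX.EXEC"]                                 # in sysprogs' SYSEXEC

if __name__ == "__main__":
    for dsn, reason in audit(APF_LIST, PRIV_REXX_LIBS, PROFILES, USERS, ADMIN_GROUP):
        print(f"{dsn}: {reason}")
```

Run as-is it reports PROD.APF.TOOLS (UACC UPDATE), VENDOR.APF.LOAD (no profile) and USER.REXX.EXEC (DEVGRP has UPDATE) and stays silent on SYS1.LINKLIB. On a real system the inputs would come from the APF list, the TSO/ISPF concatenations of the privileged IDs, and the profile listings, and the simplified matching here should be replaced by the product's own profile search.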
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]]
On Behalf Of Radoslaw Skorupka
Sent: Wednesday, October 6, 2021 2:13 PM
To: [email protected]
Subject: Re: Mainframe ransomware solution
On 05.10.2021 at 15:24, Tommy Tsui wrote:
Hi
Has any shop implemented a mainframe ransomware solution and can share? IBM
seems to have a cyber vault to handle this. Is there any other solution available?
Thanks for sharing
<shameless mode>
Yes, we have such a solution.
It is a combination of the following products:
1. z/OS
2. RACF
3. Professional staff
</shameless mode>
Other means:
RACF
backup
Safeguarded copy and other vendors' solutions
audit
procedures
Note: all of the "solutions" marketed nowadays give you some cure *after
a breach has happened*. However, that means some problems. It is unlikely to
restore with RPO=0. If you want RPO=0 then you should pay much more
attention to prevention, which means ...no, NOT ANOTHER PRODUCT.
Definitely first: professional staff, procedures, audit. And then maybe
some tools.
IBM Cyber Resiliency tools: Guardium, zSecure Suite, QRadar SIEM,
Safeguarded Copy...
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------