Hi Eileen,
I used to work at 2MT 6th floor during my SIAC days (2004-2010).
Regards,
David
On 2021-12-21 09:06, Barkow, Eileen wrote:
Thanks David. I passed your comments along to Paul
Eileen Barkow CICS Systems Programmer
NYC Information Technology & Telecommunications
2 MTC 2 FL Brooklyn,NY,11201
718.403.8649
917.436 0508
-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of
David Spiegel
Sent: Tuesday, December 21, 2021 9:02 AM
To: [email protected]
Subject: [EXTERNAL] Re: article about ransomeware and mainframe
Hi Eileen,
I read the article and there seems to be more than one elementary mistake:
"... IBM's modern mainframe series started with the 360 up to its current z/OS series ..."
360 is hardware, z/OS is software.
"... Mainframes today do not actually run-on discretionary access control; rather, they run on a mezzanine level of control called role-based access control <https://resources.infosecinstitute.com/certification/access-control-models-and-methods> ..."
This statement is true ONLY IF individual USERIds are not given access to any resource. It is not default behaviour.
"... IDs run with a UNIX/Linux SUID of 0. ..."
Maybe "UID" instead?
"... PC or a Mac that can run TN3270-emulation software. ..."
Linux (not mentioned) is more likely to be used than Mac.
"... All vendor-supplied and IBM software must be audited for SUID = 0 ..."
Again, UID, not SUID.
"... The authorized program facility (APF) library must be monitored for all access because programs running from this library can change a normal ID to a privileged ID. ..."
This library?! APF Lists can be hundreds of Datasets.
Regards,
David
On 2021-12-21 08:36, Barkow, Eileen wrote:
This article was written by Paul Renda, who is one of our colleagues in the
RACF security group.
https://www.realcleardefense.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send
email [email protected] with the message: INFO IBM-MAIN .