I'm always suspicious when the author has multiple nomenclature issues, misses subtle distinctions or has blatant errors.
> the 360

The S/360

> z/OS version 14 mainframe

Words fail me.

> Mainframes today do not actually run-on discretionary access control; rather,

!

> they run on a mezzanine level of control called role-based access control.

Note the confusion between what, e.g., RACF, supports and what a particular installation chooses to deploy or recommend.

> keylogger

How is that a mainframe vulnerability? It's in the same category as a crooked employee or a password on a sticky note on the desk.

> published on GitHub, an open documentation website

!

> Share 2017, a conference for end users of the IBM z/OS mainframe

!

> SUID of 0

As others have noted, that's a file attribute, not a user attribute.

> The authorized program facility (APF) library must be monitored for all access
> because programs running from this library can change a normal ID to a
> privileged ID.

"That's not even wrong."

> Computer operators are on the lookout for unusual activity on the Unix side
> of the mainframe.

Operators?

This sort of article always makes me wonder whether the listed author delegated it to a graduate assistant.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List [[email protected]] on behalf of Barkow, Eileen [[email protected]]
Sent: Tuesday, December 21, 2021 8:36 AM
To: [email protected]
Subject: article about ransomeware and mainframe

This article was written by Paul Renda, who is one of our colleagues in the RACF security group.
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.realcleardefense.com%2F&data=04%7C01%7CEBarkow%40doitt.nyc.gov%7C83d7e2a8d8c94c3ef06a08d9c47eacc6%7C73d61799c28440228d4154cc4f1929ef%7C0%7C0%7C637756870611033992%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cJPoABb4zN%2BjjdtzetU936rkBhnnnSgSlROmjbCDsfw%3D&reserved=0

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
