Re: More of LOG4J

Sat, 29 Jan 2022 17:58:20 -0800 

On 29/1/22 11:53 pm, Itschak Mugzach wrote:

It seems you haven't read the link you sent... This article says exactly
what I claim. It was a UUS (aka UNIX) vulnerability that helped them get
UID 0. This is how it started.



You've changed direction now from open source to z/OS UNIX. Are you 
aware of what a "magic SVC" is? There have been many such "magic SVC's" 
shipped by vendors over the years
which could easily be exploited to grant an unauthorizd user access to 
RACF SPECIAL without running in z/OS UNIX. You say you have a scanner. 
Does it scan the SVC table?



I'm confused by what your agenda is. Should be get rid of anything 
modern, including z/OS UNIX which dates back to the 90s? Should we get 
rid of TCP/IP and bunker down in caves like
a bunch of troglodytes punching out code using 1950s/60s programming 
languages on terminal attached 3270 green screens using TSO?




ITschak

*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
and IBM I **|  *

*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|*
*Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il  **|*





On Sat, Jan 29, 2022 at 5:49 PM Raphaël Jacquot <sxp...@sxpert.org> wrote:


Le 29/01/2022 à 16:12, Itschak Mugzach a écrit :

David,

Prove your claim reg. "Enterprise software". Give at least one sample. My
claim is already proved. Nordea bank was penetrated from USS, LOG4J is an
open source.

ITschak

here is an article about the Nordea hack.

https://badcyber.com/a-history-of-a-hacking/

now go read it, in particular the details about RACF not being good
enough and stop blaming opensource for the failings

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN























					Reply via email to