+1 *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| *
*|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Sun, Jan 30, 2022 at 3:27 PM Seymour J Metz <[email protected]> wrote: > That only works if there is such an SVC. A competent auditor would red > flag it immediately. Alas, not every auditor is competent :-( > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List [[email protected]] on behalf > of Itschak Mugzach [[email protected]] > Sent: Sunday, January 30, 2022 3:07 AM > To: [email protected] > Subject: Re: More of LOG4J > > Tom, > > This is an old trick that allows a program to call SVC to switch to > supervisor mode and key zero. Once you are there, you can do almost > everything. for example, login to another user without specifying a > password, use the bypass userid, and so on. > > However, David only mentions a facility that is quite common, but hasn't > proved it was used in an illegal operation. > > Best, > ITschak > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux > and IBM I **| * > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
