Thanks, so the ASM program from the blog was never used, but the main
problems were:
1) Some way to get UID=0 access (I think Soldier of Fortan mentioned
this years ago, which I hope has been fixed).
2) RACF DB that was not read protected (not the brightest)
On 1/30/2022 12:09 PM, Itschak Mugzach wrote:
Ho Tom,
Once they got root, they were able to unload racf DB that was not well
protected and run an (open source) password cracker. They had time to get
many user passwords. No user SVC was involved, not needed. I don't know
where David collects his information, but the breach is well documented in
many reports.
Best,
ITschak
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
