The big problem is that PCs are used as terminals, and key stroke loggers will capture userids and passwords, whatever system you are connecting to. The big advantage to mainframe security is a UserID and Password only gets you access to a very small slice of the mainframe (Racf admin, system admin, database admin, cics admin, ims admin, many different application admins, etc), versus a Unix admin where a root password gets you everything.
On Thu, May 12, 2022 at 11:47 AM Itschak Mugzach <[email protected]> wrote: > > Don't know if this is part of the article aspects... Most people think that > phishing does not threaten mainframes since the attack infrastructure is > usually email (or phone). However, many organizations use password Sync, so > no matter which password I get, it is the one that is used on the > mainframe. Many other organizations use an email alias as userid@org. So > the scammer probably asked for the internal email and got the user on the > mainframe as well. > > All that just to say that technology tried to save us the need/risk to > remember/write-down a lot of passwords but raised new threats. > > ITschak > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux > and IBM I **| * > > *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* > *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* > > > > > > On Thu, May 12, 2022 at 1:12 PM Seymour J Metz <[email protected]> wrote: > > > No, SYSCTLG and CVOLs had key length 8, to say nothing of PDS directories. > > > > > > -- > > Shmuel (Seymour J.) Metz > > http://mason.gmu.edu/~smetz3 > > > > ________________________________________ > > From: IBM Mainframe Discussion List [[email protected]] on behalf > > of Tom Brennan [[email protected]] > > Sent: Wednesday, May 11, 2022 7:03 PM > > To: [email protected] > > Subject: Re: The Story of Mainframe Passwords > > > > I remember that dataset. When I first started, one of my jobs was to > > run a program someone had written that read every record looking for a > > dataset match, and then spit out the password. That was for folks who > > forgot their dataset password of course. The program took maybe 10 > > minutes to run, and one day I figured out it was probably the only > > dataset on the system that used the K in CKD, so I reworked the program > > to use the key and it could then find a particular record in an instant. > > > > On 5/11/2022 3:07 PM, Gibney, Dave wrote: > > > Including when password had nothing to do with authentication and system > > access. The PASSWORD file (yes, single level dataset name) was used to > > implement PASSWORD protection for specific datasets. > > > > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
