Perhaps this article is using the original meaning of "hacking", as used now mainly by Linux people, and not "cracking" which is the "proper" word for doing something against the law or company policy. I usually call it doing something "cleverly off the wall".
On Mon, May 20, 2013 at 2:07 PM, Costin Enache <[email protected]> wrote: > Embarrassing that some actually consider that a security flaw. Except for > the title, that article does not mention any security flaws or any other > problems related to the host. The article describes some evident > functionality - how to solve a technical challenge by FTP + JCL. To consider > this a backdoor is plainly silly. Why worry? The security guys will come > with that stuff printed out and ask if we are affected or not by this > vulnerability :) > > My 50c > Costin > > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of John McKown > Sent: 18 May 2013 22:17 > To: [email protected] > Subject: Rather interesting article on "hacking the mainframe" using ftp > > http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-p > art-two > > basically the person must be able to ftp into a UNIX subdirectory and to > submit a job. They upload a program called "netcat" into a data set starting > with their RACF id. They then submit a job which copies the data set into > the /tmp subdirectory with a "random" name, chmod the name to be executable, > then executes does starts the netcat in the "background" (asynchronous to > the batch job) and piping to/from the z/OS UNIX shell. The "hacker" simply > connects to the port that netcat is listening on, and presto, they have a > shell on their desktop. > > > > -- > This is a test of the Emergency Broadcast System. If this had been an actual > emergency, do you really think we'd stick around to tell you? > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN -- This is a test of the Emergency Broadcast System. If this had been an actual emergency, do you really think we'd stick around to tell you? Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
