To Peter Vander Woude: Did you watch the video? If so, you missed the display at 2:24, which clearly shows ADCDMST and SYS1 group access.
In this case, I would wager with you that this is an ADCD system and the video maker set it all up. Yes, I agree with your ramble, but I'm glad you aren't an eyewitness: you saw what you wanted to (not) see!

On Thu, Dec 12, 2013 at 2:23 AM, Peter Vander Woude <[email protected]> wrote:

> I'm not sure where everyone saw the ADCDMST userid being used. When I
> viewed the video, I saw the userid used, for the ftp, to be bt0, and that
> is set at around the 30 second mark into the video.
>
> I agree with many, who have participated in this discussion, that RACF can
> be configured to reduce exposure to breaches. However, not all shops have
> their systems tied down as tight as z/OS can be. To me this demonstrates
> the fact that they got logged into the ftp server, submitted a job that
> started a service listening on a specific port, and then they utilized
> this port in order to examine parts of the system.
>
> It is a very basic demonstration, and of course one that does not show any
> specific exploit, that is true. But that could just be the start. How
> many of us have, in the past, had some sort of SVC that, when called, would
> place the calling program into supervisor state? How many have properly
> secured access to critical system datasets?
>
> I recently read a presentation, where the presenter was a z/OS security
> system auditor, who would go into a shop, and then from a user with no
> special access, was able to, in as little as 10 minutes, change the access
> that userid had on the system to a level where he could do just about
> anything.
>
> For us to look at this simple demonstration, and claim "well that is a
> bogus video", just ask the companies who have been breached (remember the
> calls from IBM telling us to install certain fixes asap?).
>
> We also tend to think about breaches being from external sites. You can
> do everything you can to lock down that access, but what about your
> internal network? That's probably not secured as tightly as any
> externally facing system/site. As stats show that almost 80% of data
> breaches are from internal (anybody remember Snowden?) personnel, the
> security of our z/OS systems requires us to tighten down the hatches, so to
> speak. Social engineering is one of the ways to find out and get into a
> system (ever had a user just come out and tell you their password when you
> were working on a problem they had reported?).
>
> z/OS does have more controls that help to limit what someone can do, but
> that only works IF the controls are in place and IF we, as system
> programmers, have not installed something that is a backdoor (or found that
> someone had previously done that), that can be used for nefarious purposes.
>
> Peter
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN

--
Wayne V. Bickerdike
