It seems to me that the piece makes it amply clear that management ineptitude and not the failure/penetration of some security scheme was the root cause of this debacle.
We need to avoid representing mainframes as inherently secure. RACF and its competitors, z/Architecture proper, z/OS encryption facilities, and the like make excellent mainframe security attainable. If these facilities go unused or are misused, security breaches can, almost certainly will occur on mainframes too. What til now has saved us if that it is uneconomic to connect a mainframe to the net as some idiot's plaything. The mainframe exploits I am familiar with---There have been some---were the work of insiders/sysprogs, and they were not qualitatively different from other sorts of white-color crime, embezzlement and the like. To repeat myself now, mainframes can be made very secure indeed; but mostly they are not; and the notion that a mainframe qua mainframe is magically secure is dangerous nonsense.. John Gilmore, Ashland, MA 01721 - USA ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
