W dniu 2014-03-18 12:56, Elardus Engelbrecht pisze:
I'm not surprised. As a RACF person, I sometimes receive e-mails from
spammers and wannabe crackers trying to 'advise me' on a lot of
things. ;-)
Well, in my case the statndard is nobody even heard about RACF. So I
receive no comments or advices, even those wise. :-(
oclHashcat v1.20 support added to crack RACF (IBM mainframe) hashes with 1
Billion (Giga) Hashes/second on a single stock clocked hd6990 graphics card
How did they tested it? Obtained a real copy of RACF DB and do your cracking?
I bet, yes. Do you want real copy of RACF db? I'll create it for you.
Tell me the usernames and passwords you want to have.
It may be, in fact over the years, there are 'cracking' tools
available to do a brute force attack. Pick one and do your crack. But
as others said, you have first to obtain a copy of the RACF db somehow
and then do your attack. And then there is that 3 strike rule too. A
competent network person will trap your IP address if you try to
attack a live system and block you out. It has been done and we have
procedures to do that.
If you have the copy, the rule of 'n strikes' won't work.
The same for IP blocking.
BTW: how do you block IP address ot the attacker? What type of attacks
are considered ?
It only tells me one thing - cracking is a serious business for years long. Is
it a legal White Hat test or some nefarious underground group trying to 'test
out' systems (including z/OS) for fun/scientific reason/criminal reason?
The real reason is in fact irrelevant, the relevant are
a) intention you present (and can prove it)
b) local law. In US there is DMCA. In many countries you can crack any
security as long it's your lock, test environment, etc. In toehr words,
you can freely create any tool you like (except weapon).
I'm more concerned about INSIDERS trying to do 'strange' transactions.
Almost all brute force against RACF require participation f insider.
Regards
--
Radoslaw Skorupka
Lodz, Poland
--
Treść tej wiadomości może zawierać informacje prawnie chronione Banku
przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie
jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem
niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania
adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie
lub inne działanie o podobnym charakterze jest prawnie zabronione i może być
karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie
zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość
włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
This e-mail may contain legally privileged information of the Bank and is
intended solely for business use of the addressee. This e-mail may only be
received by the addressee and may not be disclosed to any third parties. If you
are not the intended addressee of this e-mail or the employee authorized to
forward it to the addressee, be advised that any dissemination, copying,
distribution or any other similar activity is legally prohibited and may be
punishable. If you received this e-mail by mistake please advise the sender
immediately by using the reply facility in your e-mail software and delete
permanently this e-mail including any copies of it either printed or saved to
hard drive.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: [email protected]
Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 0000025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2014 r. kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.696.052 złote.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
