Do I know about a violation of the statement of integrity that IBM has not addressed? No, of course not.
I am not certain that "MVS exposures" versus "lax security" is a black and white dichotomy. It's easy to look after the fact at any breach and say "aha! You should not have done X." I don't think the role of we security practitioners is solely pointing out "exposures" in MVS to IBM. I think helping customers with common less-than-ideal practices is more important. Logica was a professional service bureau with a professionally-maintained z/OS. They got breached. One might infer that other MVS sites, and not just those with "lax" (however defined) security practices, might also be vulnerable. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Shmuel Metz (Seymour J.) Sent: Sunday, January 11, 2015 12:31 AM To: [email protected] Subject: Re: Young's Black Hat 2013 talk - was mainframe tribute song In <[email protected]>, on 01/09/2015 at 04:35 PM, Charles Mills <[email protected]> said: >A stitch in time saves nine. Whoosh! Let me rephrase that in simple terms. Have there been any successful cracking attempts in the wild against real, present-day mainframes that exploited MVS exposures rather than lax security practices? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
