Err you have to read this a little closer :
" leaders of the U.S. office of personal management .. explain "
So these people experienced it, what exactly ?
Knowledge of any form of IT !! ?
There again could have down a simple search on Google and believed what
they read on the internet and even worse via Google.
There again when I see the date on Google I double check :)
This shortly is a case of the blind leading the blind, no ?
As for the case of mainframes being open to hacking - well any system
can if the user name/password system is not maintained and likewise the
front end concentrator not have its own security fully in place.
High secure systems only accept user login's from known IP and MAC
addresses that are pre-stored.
As a remote worked these days I have to declare all computer kit I use
to access client system with:
My IP addresses
The MAC code for each box
My encrypted password if their system can handle it - in my case I use
1024 byte folded coding .
Can't say I have found any one getting though those (so far).
Vince
IT since 1961.
On 19/08/15 13:59, Greg Shirey wrote:
I'm still trying to figure this out:
"More recently, when leaders of the U.S. office of personal management appeared
before Congress to explain how sensitive data on millions of federal employees was
accessed by hackers, they pointed to decades-old code written in a programming language
called COBOL."
Any ideas how COBOL facilitated a hack on sensitive data?
Regards,
Greg Shirey
Ben E. Keith Company
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Meir Zohar
Sent: Tuesday, August 18, 2015 11:08 PM
To: [email protected]
Subject: Re: Mainframes open to internet attacks?
Phil Young has been doing these talks for several years and some of the tools
are posted on his Soldier of Fortran site.
He is absolutely correct in that some sites are complacent in their "the mainframe is
secure" attitude and that, like every other platform, z/OS requires a continuous
"evaluate-correct-test-rollout-rinse-repeat" security cycle ...
Since security implementation on z/OS, independent of the tool, is the realm of
either the sysprog (with little time to deal with it on a daily basis) or the
security staff (where dedicated z/OS specialists are few and far between) -
this can and does lead potential gaps in coverage.
Ignoring the problem doesn't make it go away (however, Ashley Madison users' "most
sensitive information" was never on z/OS).
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
