"personal" or "personnel"? Which makes the article writer or whoever was quoted another weak link in the chain. :-)
Cheers, Martin Martin Packer, zChampion, Principal Systems Investigator, Worldwide Banking Center of Excellence, IBM +44-7802-245-584 email: [email protected] Twitter / Facebook IDs: MartinPacker Blog: https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker From: Vince Coen <[email protected]> To: [email protected] Date: 19/08/2015 14:22 Subject: Re: Mainframes open to internet attacks? Sent by: IBM Mainframe Discussion List <[email protected]> Err you have to read this a little closer : " leaders of the U.S. office of personal management .. explain " So these people experienced it, what exactly ? Knowledge of any form of IT !! ? There again could have down a simple search on Google and believed what they read on the internet and even worse via Google. There again when I see the date on Google I double check :) This shortly is a case of the blind leading the blind, no ? As for the case of mainframes being open to hacking - well any system can if the user name/password system is not maintained and likewise the front end concentrator not have its own security fully in place. High secure systems only accept user login's from known IP and MAC addresses that are pre-stored. As a remote worked these days I have to declare all computer kit I use to access client system with: My IP addresses The MAC code for each box My encrypted password if their system can handle it - in my case I use 1024 byte folded coding . Can't say I have found any one getting though those (so far). Vince IT since 1961. On 19/08/15 13:59, Greg Shirey wrote: > I'm still trying to figure this out: > > "More recently, when leaders of the U.S. office of personal management appeared before Congress to explain how sensitive data on millions of federal employees was accessed by hackers, they pointed to decades-old code written in a programming language called COBOL." > > Any ideas how COBOL facilitated a hack on sensitive data? > > Regards, > Greg Shirey > Ben E. Keith Company > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Meir Zohar > Sent: Tuesday, August 18, 2015 11:08 PM > To: [email protected] > Subject: Re: Mainframes open to internet attacks? > > Phil Young has been doing these talks for several years and some of the tools are posted on his Soldier of Fortran site. > > He is absolutely correct in that some sites are complacent in their "the mainframe is secure" attitude and that, like every other platform, z/OS requires a continuous "evaluate-correct-test-rollout-rinse-repeat" security cycle ... > > Since security implementation on z/OS, independent of the tool, is the realm of either the sysprog (with little time to deal with it on a daily basis) or the security staff (where dedicated z/OS specialists are few and far between) - this can and does lead potential gaps in coverage. > > Ignoring the problem doesn't make it go away (however, Ashley Madison users' "most sensitive information" was never on z/OS). > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
