On 23 Oct 2015 01:44:37 -0700, in bit.listserv.ibm-main you wrote: >For those of you who don't know, Talk Talk is a major Broadband/Phone provider >in the UK with over 4 million customers who has been hacked. Seems ALL the >customers details have been gleaned (see list in the article). > >http://www.bbc.co.uk/news/uk-34611857 > >I've listened to some "security experts" pontificating on the BBC this >morning. They seem to have no idea what they are talking about, but one of >them is a Professor no less. Must be all right then, mustn't it. > >Anyone want to take a bet that Talk Talk do not use Mainframes?
Depending on the vulnerability exploited, the attack might have been successful on the mainframe. Dynamic SQL if allowed on the mainframe is one vulnerability (Bobby Tables story). CICS transactions probably don't have much vulnerability. Apache based web server vulnerabilities probably are cross platform. And then there are the integrity APARs and configuration and implementation mistakes and oversights like leaving implementation ids on the system for anything accessible online. Clark Morris > >Biased? Moi? "Answers on a Postcard please." > >Happy Friday > >ALH > >PS This is the kind of "wake-up" call that CTOs need to be aware of if >thinking of moving off the mainframe. (B of A listening? Sorry, Alan!) > > > > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
