Does anyone think that Computerworld is going to write a retraction?
*George Rodriguez* *Specialist II - IT Solutions* *IT Enterprise Applications* *PX - 47652* *(561) 357-7652 (office)* *(954) 415-7586 (mobile)* *School District of Palm Beach County* *3348 Forest Hill Blvd.* *Room B-251* *West Palm Beach, FL. 33406-5869* *Florida's Only A-Rated Urban District For Eight Consecutive Years* On Mon, Mar 20, 2017 at 9:12 AM, John Crossno <[email protected]> wrote: > If one reads the article, then digs into the underlying research, and > finally the Congressional report on the OPM incidents (all 250 pages of > it), it's quite easy to see that the authors of the research and subsequent > article are implying that legacy=mainframe/COBOL, while the real problem(s) > really had nothing to do with either, at the end of the day. It had > everything to do with "legacy" network security, not following best > security practices, etc. Where the research talks about investments in > modernization, they imply that the problem is "archaic" 30-year old COBOL > systems, when that really isn't supported by the research at all > (contradictions?). They really mean that when the distributed network > security is modernized with security best practices, advanced intrusion and > malware detection, use of MFA/PIV/etc, there's a reduction in the number of > incidents. > > I wrote up a longer response to it, as comments to the FB and LinkedIn > postings, that starts with the OPM report and works it's way back up to the > article. Seemingly, Computerworld didn't like some of the original comments > from their posting last week on LinkedIn, and felt the need to repost it > yesterday. That's where my longer comments can be found, vs their original > posting. Can't link directly to it or the FB posting.. You'll have to > search for Computerworld's page, then scroll. > > At the end of the day, it really has nothing to do with COBOL "security" at > all, but everything to do with network security. The article is just an > example of taking at face value poor research, taking liberties with and > cherry picking bits of a report and quotes from people who probably don't > understand the technology to begin with, and just plain old fashioned bad > journalism... Fake News! > > > > "Common sense is not so common." > * Voltaire, Dictionnaire Philosophique (1764) > > > > On Mon, Mar 20, 2017 at 8:51 AM, Elardus Engelbrecht < > [email protected]> wrote: > > > Todd Arnold wrote: > > > > >Gee, I've been developing crypto technology for 30+ years that runs in > > those environments - so it's certainly news to me that it can't be done > :-) > > > > Amazing! ;-) > > > > No one said those cards are that *fast* ! > > > > > > >Looking at the ICSF Application Programmer's Guide, which defines the > > ways most z/OS applications get cryptographic services, I see this: > > > > > ICSF callable services can be called from application programs written > > in a number of high-level languages as well as assembler. The high-level > > languages are: > > > - C > > > - COBOL > > > - FORTRAN > > > - PL/I > > > > And REXX + Assembler too. Look in Redbook - 'System z Crypto and TKE > > Update' (SG24-7848-00) for samples. > > > > Note from that bookie: The code supplied has not been subjected to any > > formal IBM test .... > > > > Groete / Greetings > > Elardus Engelbrecht > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
