I'll throw in a bit of "extra" behind this:

Anyone who works in security almost certainly has heard of Metasploit.  If not, 
Google it - it's pretty much a framework that puts known attacks into an 
easy-to-use platform for pentesting (or illicit activities if one decided to 
use it for such things).  For ages, it was said "the mainframe is safe"...then 
the Logica & Nordea breaches happened, proving that 0-days exist on the 
mainframe.  This, combined with people doing hacker-con talks on the subject, 
building modules into Metasploit, and developing other pentesting tools, 
means that now if you're sitting on an unpatched box and not deploying PTFs 
very quickly, some skiddy can come by and send your banking DB into oblivion 
without a huge amount of effort.

If you're interested in stuff like this, check out the con talks that Phil 
Young and Chad Rikansrud have given on this stuff. (See this playlist of 
videos: 
https://www.youtube.com/watch?v=5Ra4Ehmifh4&index=7&list=PLBVy6TfEpKmEL56fb5AnZCM8pXXFfJS0n
 )

I'm personally putting together a talk demoing WannaCry successfully being run 
on my z800 within Linux (Linux on z + WINE = bad idea)
________________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of 
Itschak Mugzach <imugz...@gmail.com>
Sent: Wednesday, July 12, 2017 13:36
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

Just my two cents... there are many reasons why a supported and updated version 
is important, and why mainframe is just another (big, complex) server in the 
computer room.

Linux on z: servers that were located in DMZ, now running on z usually without 
fw ("because it slows communication").
I was also involved in a case where a client error destroyed a large complex database 
while the user used an unsupported version. IBM refused to support them (IBM 
Israel did support). At the end, I had to unload parts of the database, 
correlate them and delete destroyed ones.

Software should be one step behind the last PTF and red alerts should be inserted 
immediately.



Sent from my iPad

On 12 July 2017, at 19:21, Charles Mills <charl...@mcn.org> wrote:

> It's not Windows versus z/OS. Whether it is number of instances or number of
> viruses or number of mentions in airline magazines, that battle was over a
> long time ago.
>
> "Windows has more viruses than z/OS" is not a substitute for being
> up-to-date with support and patches. "But Windows is much worse" will not
> get your data or your money or your ATM network back.
>
> I work for a z/OS security software vendor. We had a prospect tell us they
> were not going to buy our product because "they had a lot of Windows systems
> and only one z/OS system, so they were not focusing on z/OS." Do you see the
> logical flaw there?
>
> It's not the malware you know about that should worry you the most. The
> phrase "zero day exploit" comes to mind.
>
> Charles
>
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of R.S.
> Sent: Wednesday, July 12, 2017 8:30 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes
> again
>
> On 2017-07-12 at 15:53, Charles Mills wrote:
>>> I know some malware for Win10, but I cannot remind any for z/OS 1.4...
>> Partially because most of the community has a policy of publicizing
>> vulnerabilities, but z/OS does not. The fact that you do not know of
>> any malware for z/OS 1.whatever does not mean that it does not exist.
>>
>> Or expanding on Timothy's point, if you were developing malware, you
>> would have an interesting decision which of the two operating systems to
>> target.
>> Windows is high number of instances/low value each -- kind of the
>> WalMart shopping of malware opportunities. z/OS is low number of
>> instances/high value each -- kind of the Tiffany of malware
>> opportunities. With Windows you would take a shotgun approach: "how
>> many machines can I infect, and hope to make some money off of a
>> percentage?" so naturally some number of your targets would end up
>> discovered and publicized. With z/OS, you would take a very targeted
>> approach: "what one machine can I break into and steal a lot?"
>> Whether you were successful or not, there might not end up being any
>> publicity.
>>
>> Phrasing it differently, for Windows you would develop "malware" --
>> mass market malware, that would end up with a name and publicity
>> (named by the anti-malware folks, not the authors). For z/OS, you
>> would develop a specific targeted attack. It might be an "approach,"
>> not a "malware package," and might not end up with a name (other than
>> "XYZ Bank's ATMs were down for the third day in a row ..." or "ABC
>> Airlines experienced a massive outage yesterday ...").
>>
>> The absence of evidence is not the evidence of absence.
>
> True, but ...I still rely more on z/OS 1.4 than on Windows 10. In case of
> Win10 I have proofs of evidence - it is a little bit more than lack of
> proofs.
> BTW: z/OS is quite old (including previous names) - how many viruses are
> known for this system? Yes, I know, the absence of evidence is not the
> evidence of absence - however it's 50+ years of the absence!
>
>
> Last, but not least: I'm NOT saying that running an unsupported (and not
> patched) system is something good. Even for the z/OS family.
> However, keeping very important data in a Windows system is also not a good idea,
> is it?
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
