On Fri, Sep 15, 2017 at 2:36 PM, Bill Wilkie <[email protected]> wrote:
> What if your data was encrypted, you read it into a sort, put the sort > output to a data set where it was NOT encrypted, and someone copied it? Or, > they got it from sort work areas that were left on disk and not erased? > Does that count? > I was told of a company, back in the 3330 days, where the accounting dept had their own set of 3330 disk packs. All their data & their temporary data sets were on these packs. When the "secure" accounting cycle was running, a person from the department brought those pack down. The operators removed the normal temporary storage disks, then mounted the accounting data & work disks. When the cycle ended, the department person took the packs back to the accounting dept and locked them up in a safe. Now that was fairly secure. Oh, and the output was actually taken off the printer by the accounting person. This was in OS/MVT days, and there was no TSO on that system. > > > Bill > > > ________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf > of Jesse 1 Robinson <[email protected]> > Sent: Friday, September 15, 2017 7:21 PM > To: [email protected] > Subject: Re: Would encryption have prevented known major breaches? > > I have to keep harping on this. The looming EU regulation on hacking is a > potentially huge legal liability. You cannot defend yourself in court by > arguing that you hire the best people. You can defend yourself only by > showing that the hacked data was encrypted. > > . > . > J.O.Skip Robinson > Southern California Edison Company > Electric Dragon Team Paddler > SHARE MVS Program Co-Manager > 323-715-0595 Mobile > 626-543-6132 Office ⇐=== NEW > [email protected] > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of zMan > Sent: Friday, September 15, 2017 12:16 PM > To: [email protected] > Subject: (External):Re: Would encryption have prevented known major > breaches? > > Hiring competent people. That's so 20th-century. Get with the program, man! > > On Fri, Sep 15, 2017 at 8:51 AM, John McKown <[email protected] > > > wrote: > > > On Thu, Sep 14, 2017 at 7:41 PM, Tom Brennan > > <[email protected]> > > wrote: > > > > > John McKown wrote: > > > > > >> IMO, encrypting data is a very good defense. Another good defense > > >> is hiring competent people rather than inexpensive people and > > >> giving them > > the > > >> time to design, code, and test their solutions. I don't have > > >> statistics, but many attacks are based on coding errors such as the > > >> infamous "SQL Injection" attacks. On the almost hilarious attacks > > >> which succeed > > because > > >> "whomever" didn't bother to configure the security on some piece of > > >> equipment, and left the administrator credentials as "admin/admin". > > >> Of course, the people & time requirements that I mentioned "cost too > much" > > >> and > > >> "delay time to market". Today's world is based on think up > > >> something in the morning, design over lunch, create before dinner, > > >> ship the next morning. > > >> > > > > > > Did you mention admin/admin because of this news report, or just > > > coincidence? > > > > > > https://nam04.safelinks.protection.outlook.com/?url= > http%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-41257576& > data=02%7C01%7Cbillwilkie%40hotmail.com%7C119fcd6b7a8a4006ca7d08d4fc6f > 0771%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0% > 7C636411001169882688&sdata=NoMB%2BXNEHgLO6qX0aYduhy5TP4x0ANW4Q > ugDNJVVHCc%3D&reserved=0 > > > > > > That was the reason. I just couldn't remember if it was Equifax or > > something else in the news recently; and I was too lazy to double check. > > > > -- > > UNIX was not designed to stop you from doing stupid things, because > > that would also stop you from doing clever things. -- Doug Gwyn > > > > Maranatha! <>< > > John McKown > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
