+1 to Paul, and just to remind (again) that isrddn does have a warning panel if you type lpa or apf. It is true that an isrddn user can't browse a protected library, but he can use the LOAD command to browse it in storage (that's what I use to look secretly into ichrin03)... Not only that, isrddn is described in the docs as a third level tool. Not sure this is an appropriate tool for a regular tso user.
I usually find tools like iplinfo, showmvs and other free tools in standard ispf concatenations. They are very valuable to white, grey and black box penetration. As a pentester I always look to collect configuration information, and apf is surely one source.

ITschak

On 29 Jan 2018 9:31 PM, "Paul Gilmartin" <[email protected]> wrote:

> On Sat, 27 Jan 2018 10:05:29 -0500, Peter Relson wrote:
>
> >...
> >If a customer does not have their APF or PARMLIB or LNKLST or LPA
> >libraries properly protected, that is a different matter entirely, and is
> >one of the reasons why there is a RACF health check related to APF.
> >...
> >The information itself cannot be "exploited". Customer security gaps can
> >be exploited.
> >
> >Security by obscurity (which is what you'd get to a small extent if what
> >was asked for was implemented) is often only a little better than nothing.
> >
> Yes.
>
> But someone mentioned "need to know". If an administrator carelessly leaves
> sensitive information in a readable file, it invites an exploit. Health check is
> likely not to notice that. Fetch protection narrows the community of exploiters.
> Security is rarely perfect; not all-or-nothing. The closer the better.
>
> The FOSS community takes the view that the more eyes on the code, the sooner
> a weakness will be recognized, reported, and repaired.
>
> The Enterprise community takes the view that the more eyes on code, the more
> likely a weakness is to be exploited. IBM seems to fall in this category by
> embargoing integrity defect information long after patches are available. Is that
> "security by obscurity"?
>
> -- gil
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
