The risk landscape has changed. If you look at CVE for IBM products that are based on GPL code, you will see may vulnerabilities. That's to say that the mainframe is not immune against zero day attacks. Generally speaking, many of the success mainframe penetration stories are based on mis-configured software. What make it interesting is the fact that vendors are shipping products with dangerous defaults.
ITschak On Tue, Oct 30, 2018 at 10:56 PM Charles Mills <[email protected]> wrote: > +1 on the other replies so far. > > The nature of zero-day vulnerabilities is that you have not heard of them > before. > > Is z/OS inherently perfect and immune to all possible vulnerabilities, > including those resulting from customer error? Of course not! > > Come to SHARE! Listen to the security presentations! Listen to Mark Wilson > talk about pen testing assignments, and how he has never failed to get in > within a few hours. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Eric Verwijs > Sent: Tuesday, October 30, 2018 7:59 AM > To: [email protected] > Subject: eWEEK Article highlights weaknesses in Mainframe Security > > http://www.eweek.com/security/taking-a-closer-look-at-mainframe-security > > What zero-day vulnerabilities would there be? I’ve not heard of unpatched > security holes in Z/OS before. > > Unless you are not properly managing your data, that is, limit access to > confidential information, how would someone get it? Aside from of course, > phishing and other attacks aimed at the users and not the machine itself. > > > > Regards, > Eric Verwijs > > Programmer-analyste, RPC, SV et solutions de paiement - Direction générale > de l'innovation, information et technologie > Emploi et Développement social Canada / Gouvernement du Canada > [email protected] > Téléphone 819-654-0934 > Télécopieur 819-654-1009 > > Programmer Analyst, CPP, OAS, and Payment Solutions - Innovation, > Information and Technology Branch > Employment and Social Development Canada / Government of Canada > [email protected] > Telephone 819-654-0934 > Facsimile 819-654-1009 > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring for Legacy **| * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
