Do you mean open systems or "open" systems? z/OS may be as vulnerable as a well secured Linux system, but I doubt that it is as vulnerable as a Windows system.
-- Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Robyn Gilchrist <[email protected]>
Sent: Wednesday, October 31, 2018 8:56 AM
To: [email protected]
Subject: Re: eWEEK Article highlights weaknesses in Mainframe Security

CNMEUNIX is the NetView Unix Command processor that allowed unauthorized access to UID(0), patched in 2012. IBM HTTP Server (DGW Base) had a security red alert back in early 2013 but, as is IBM’s prerogative, they didn’t divulge the particulars of the exposure.

Ray opened my eyes to exactly how z vulnerabilities and exploits occur. Not alleged vulnerabilities, numbers don’t lie. This is computer science, after all. Since our conversation, I haven’t viewed the z the same way. I haven’t viewed IBM-MAIN the same way. z is just as vulnerable as open systems, maybe more so with our … er … aging labor staff, years of neglect in admin practices, and the false sense of security we’ve enjoyed behind our firewalls, green screens and 370/390/z architecture.

I have a presentation about the Logica hack that I’ve done at a few RUGs (RACF User Groups). The hack was technically impressive and zero-day exploit was just one of many attack vectors.

https://www.rshconsulting.com/RSHpres/RSH_Consulting__Examining_Mainframe_Internet_Hack__October_2018.pdf

Robyn

----
Robyn E Gilchrist
Senior RACF and z/OS Technical Specialist
RSH Consulting, Inc.
617-977-9090
http://www.linkedin.com/in/robyn-e-gilchrist
http://www.rshconsulting.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
