USS is definitely an integral part of z/OS so it's a legitimate mainframe hack. However if more of the hacks are occurring via USS it does raise questions about its quality from security perspective compared to the "classic" MVS side of the mainframe. Buffer overruns are probably the most common exploits in the UNIX / C programming environment, did IBM just bring in all its problems as well when they implemented OMVS / USS?
MKK On Mon, 6 May 2019 10:21:25 -0700, Charles Mills <[email protected]> wrote: >#1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS a >legitimate part of the mainframe, which it has been for 20 years or so). It >was an exploit of CGI buffer overrun. > >#2: It drives me nuts to hear mainframers explain away mainframe breaches. "It >wasn't really a mainframe hack, they got in through USS." "It wasn't really a >mainframe hack, they re-used a Windows password." "It wasn't really a >mainframe hack ... whatever." If your CEO was standing in front of the press >explaining how your company let x million credit card numbers go astray, would >it matter HOW they got into your mainframe, or only that they DID?" If your >mainframe is vulnerable to a USS hack, or a shared Windows password, or >whatever, you need to fix THAT, or risk having to explain to your CEO why he >got fired (like Target's) for letting all those credit card numbers go astray. > >Charles > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
