How will knowledge of control blocks, SVCs, etc., allow you to escalate your privileges beyond those assigned to your userid and groupid?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Tom Brennan <[email protected]>
Sent: Monday, May 6, 2019 9:27 PM
To: [email protected]
Subject: Re: mainframe hacking "success stories"?

Ok, but why is Windows easier to hack than the mainframe? Personally, I'd find a mainframe far easier to hack because I know a little bit about control blocks, APF auth, SVC's, subsystems, address spaces, RACF, etc., and I know far less about the equivalents on Windows.

But of course the first step is to get any kind of userid, and that's done by pretty-much the same methods - regardless of platform.

On 5/6/2019 1:18 PM, Bill Johnson wrote:
> It’s why banks stay on the mainframe. Security.
>
> Sent from Yahoo Mail for iPhone
>
> On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls
> <[email protected]> wrote:
>
> Bill, would you care to back that sweeping generalization up with some detail?
>
>> On May 6, 2019, at 22:06, Bill Johnson
>> <[email protected]> wrote:
>>
>> Completely different. Hacking Microsoft is way easier.
>>
>> Sent from Yahoo Mail for iPhone
>>
>> On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls
>> <[email protected]> wrote:
>>
>> Which is how 80% of all the hacks today start. Find purchase and advance
>> your position. This is how the game is played. It was as classic of a hack
>> as anything today.
>>
>>> On May 6, 2019, at 21:43, Bill Johnson
>>> <[email protected]> wrote:
>>>
>>> Still never would have occurred without a valid userid.
>>>
>>> Sent from Yahoo Mail for iPhone
>>>
>>> On Monday, May 6, 2019, 3:18 PM, Charles Mills <[email protected]> wrote:
>>>
>>> No.
>>>
>>> From the link you cite:
>>>
>>> "According to various sources, the hackers succeeded in finding (and
>>> exploiting) at least 2 previously unknown errors enabling them to raise
>>> their authorisations in the system. One of them was an error in an IBM HTTP
>>> server and the other one was an error in the CNMEUNIX file, which in the
>>> default configuration has SUID 0 authorisations (which means that by
>>> leveraging on the errors it contains, one is able to execute commands with
>>> the system administrator’s authorisations)."
>>>
>>> His "user" access to InfoTorg was not a problem for the mainframe. (It was
>>> a problem for the MPAA lawyer whose account he accessed, but not for the
>>> mainframe in general.) The above mainframe security vulnerability was.
>>>
>>> Charles
>>>
>>> -----Original Message-----
>>> From: IBM Mainframe Discussion List [mailto:[email protected]] On
>>> Behalf Of Bill Johnson
>>> Sent: Monday, May 6, 2019 11:17 AM
>>> To: [email protected]
>>> Subject: Re: mainframe hacking "success stories"?
>>>
>>> The Pirate Bay hack acquired a valid mainframe userid and password off of a
>>> Microsoft laptop. In effect, not really a mainframe hack. He just logged
>>> on.
>>> https://secure-web.cisco.com/1EiUBe8kWIGocAoCHZ8duxx_X3_ii_2_msH4KXaCbsI05OQ4V0kZ0pcTIXpwXTnEXNJkg9GeqVs-R7IzdSX9GnIfcJrObS1D825ZM8nJeSoB6vNzJa2xDGqRXXNZvwK78Iko8hdQw6zS2R6griNgSM3snpLMvdrvHola_yv9zPXwr3f6_IlZ7zMV0PzBZ-SGsvsDr51V7r3Nf9n5gmq2VbONzowLmg5ZZIqqVK1uZXvW9mgP95d8wKnt8qt0yiAh5CB5la2Ub6ctm1NEEnN28D9JkOoehxhmkVmnssVIWwcAmZcPc3YZR4CHcmwQYA0gTScHJJs4dlOuGr6oKCL6mLSnp3kcELzP0FYC6m1v535CyCj7Fno_rt5ZWPmdLK8io3_XlgKB1xTTcjg9LhBDjwf7zqa9Iwg0Fse4BZ-eBCmUliiBCBkA7FPCEcbalillZW5RyF3YVzqmqEU4hm_I0Ig/https%3A%2F%2Fbadcyber.com%2Fa-history-of-a-hacking%2F
>>>
>>> Sent from Yahoo Mail for iPhone
>>>
>>> On Monday, May 6, 2019, 1:21 PM, Charles Mills <[email protected]> wrote:
>>>
>>> #1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS
>>> a legitimate part of the mainframe, which it has been for 20 years or so).
>>> It was an exploit of CGI buffer overrun.
>>>
>>> #2: It drives me nuts to hear mainframers explain away mainframe breaches.
>>> "It wasn't really a mainframe hack, they got in through USS." "It wasn't
>>> really a mainframe hack, they re-used a Windows password." "It wasn't
>>> really a mainframe hack ... whatever." If your CEO was standing in front of
>>> the press explaining how your company let x million credit card numbers go
>>> astray, would it matter HOW they got into your mainframe, or only that they
>>> DID?" If your mainframe is vulnerable to a USS hack, or a shared Windows
>>> password, or whatever, you need to fix THAT, or risk having to explain to
>>> your CEO why he got fired (like Target's) for letting all those credit card
>>> numbers go astray.
>>>
>>> Charles
>>>
>>> -----Original Message-----
>>> From: IBM Mainframe Discussion List [mailto:[email protected]] On
>>> Behalf Of Bill Johnson
>>> Sent: Sunday, May 5, 2019 10:00 AM
>>> To: [email protected]
>>> Subject: Re: mainframe hacking "success stories"?
>>>
>>> Wasn’t really a mainframe hack. It was a laptop hack that acquired
>>> legitimate mainframe credentials.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
