We did hire a firm to come in and test. They were able to get into the building by piggy backing on someone else’s badge. Were able to get into various servers, but did not get into the MF.
Sent from Yahoo Mail for iPhone On Tuesday, May 7, 2019, 9:26 PM, Charles Mills <[email protected]> wrote: I was travelling and I have kind of lost track of where this thread has gone. Let me throw three thoughts out there. 1. Our job is to make our platform -- and if you are at a customer, your site -- as secure as reasonably possible. Not "more secure than Windows." It is NOT like the joke about the two hunters being chased by a bear, one of whom says "I don't have to run faster than the bear; just faster than you." You have to run faster than ALL the bears. 2. "Oh, but they got a userid and password from somewhere else." A userid and password is nothing. You know who has a userid and password? All of your users. Another name for your users is "insider threats." 3. You think your mainframe in darned near invulnerable? Put it to the test. Hire one of the pen testing firms like RSM or Vanguard. Report back here if they find no vulnerabilities. Tell me I'm wrong. Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
