00000047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) writes: > Right, my articles are flawed. Yet, real mainframe hacks can be > counted on one hand. And many of those are hypothetical or were > achieved via someone hacking a laptop (MSFT) or acquiring a valid > userid because of someone’s stupidity. If hackers wanted to go where > the money is, and banks would be the place, they would target the > mainframe since nearly every bank in the world uses one.
one of the hack story issues is those using mainframes for critical systems (especially financial) do quite a bit to keep such things out of the news I was in financial sector CIP meetings in white house annex https://en.wikipedia.org/wiki/Critical_infrastructure_protection and major issues was to make sure that the financial ISAC https://www.fsisac.com/ wasn't subject to FOIA https://en.wikipedia.org/wiki/Freedom_of_Information_Act_(United_States) Was also brought in to help wordsmith some cal. state legislation. At the time they were working on electronic signature, data breach notification, and opt-in personal information sharing. There were participants that were heavily into privacy issues and had done detailed consumer/public privacy studies. The number one issue was "identity theft", primarily information leaking used for fraudulent financial transactions. The problem at the time was little being done about the leaks & breaches (other than obscuring source of the problem). The issue is normally entities take security issues in self-interest, in the case of most of the information leaks/breaches, the institutions weren't at risk, it was the public. It was hoped that publicity from breach notifications might motivate corrective action. Since then then there have been numerous federal data breach notification bills introduced ... about half similar to the cal. legislation and the other half with requirements that almost never would be met (eliminating need for majority of breach notifications). -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN