Seymour, i have seen sysprogs in few sites that are convinced that you need read access to racf / tss db in order to be an admin or even for query only.
ITscahk בתאריך יום ה׳, 6 ביוני 2019, 19:31, מאת Seymour J Metz <[email protected]>: > ITYM any shop that allows general user access to the RACF DB deserves to > be cracked. There's nothing magic about IEBGENER. Access to sensitive > information should be limited to those who need it. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf > of Jones, Phil <[email protected]> > Sent: Wednesday, June 5, 2019 9:29 PM > To: [email protected] > Subject: Re: Just how secure are mainframes? | Trevor Eddolls > [SEC=UNOFFICIAL] > > At the risk of being controversial, I think that any z/OS site that allows > general utility access to the RACF DB almost DESERVES to be hacked... > > Regards; Phil J. > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf > Of R.S. > Sent: Thursday, 6 June 2019 2:41 AM > To: [email protected] > Subject: Re: Just how secure are mainframes? | Trevor Eddolls > > W dniu 2019-06-02 o 21:48, ITschak Mugzach pisze: > > Sory to inform you: there are such SVCs available for download. I > > think there is one on the cbttape . > > While such code is available for download it is not available for install. > Otherwise we talk about mistakes in configurations => human problem, not > platform weakness. > > BTW: I know very dangerous tool for hacking RACFdb and passwords: > IEBGENER. You run IEBGENER, put RACFdb in SYSUT1, then transfer SYSUT2 > content directly to some hack site and voila. > > -- > Radoslaw Skorupka > Lodz, Poland > > > > > ====================================================================== > > Jeśli nie jesteś adresatem tej wiadomości: > > - powiadom nas o tym w mailu zwrotnym (dziękujemy!), > - usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub > zapisałeś na dysku). > Wiadomość ta może zawierać chronione prawem informacje, które może > wykorzystać tylko adresat.Przypominamy, że każdy, kto rozpowszechnia > (kopiuje, rozprowadza) tę wiadomość lub podejmuje podobne działania, > narusza prawo i może podlegać karze. > > mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, > http://secure-web.cisco.com/155_aQOAoYRplWsWRrv0Iz9uLpzX7mTLneLQ8ackg2-7lXx5ujQdijuIMoETyiMbzgjTFCJa2J3NXb9EMEnPGmdfY2GgS7Bx6YWmKwA7D0OecYPlYtL-mw_lbfL0q2ngrXUNYxVbK1BHFkORXi79SprF9LDKOLsqXBEjByUck_pvgN-tbnRPa9M7zkvFO0A_CObnOwjlVO-yS8w-ERPbmnjxJyvkEyrI9lOCpzGYB3O4VuVeVTxd7cXhWPJaSrh6PA6dLxEYYq5Wf5R9iKLa7h805Nu5RBSnPGz1gORb-dPX-iZa9G64PoezBCllRK62jIW7OYD6MswRwZeQ_Lrx6U8RmNCRQGZq_cf96EU57zm__JzBoVPsOt24oXXETboCj-eu9OsNrN_zqKP0VDgbRzMEacqPR8_7_8DSQVAMpy-1XZ6CytpCMOa7t0fQJZxDz/http%3A%2F%2Fwww.mBank.pl, > e-mail: [email protected]. Sąd Rejonowy dla m. st. Warszawy XII Wydział > Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237, NIP: > 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na > 01.01.2018 r. wynosi 169.248.488 złotych. > > If you are not the addressee of this message: > > - let us know by replying to this e-mail (thank you!), > - delete this message permanently (including all the copies which you have > printed out or saved). > This message may contain legally protected information, which may be used > exclusively by the addressee.Please be reminded that anyone who > disseminates (copies, distributes) this message or takes any similar > action, violates the law and may be penalised. > > mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950 > Warszawa, > http://secure-web.cisco.com/155_aQOAoYRplWsWRrv0Iz9uLpzX7mTLneLQ8ackg2-7lXx5ujQdijuIMoETyiMbzgjTFCJa2J3NXb9EMEnPGmdfY2GgS7Bx6YWmKwA7D0OecYPlYtL-mw_lbfL0q2ngrXUNYxVbK1BHFkORXi79SprF9LDKOLsqXBEjByUck_pvgN-tbnRPa9M7zkvFO0A_CObnOwjlVO-yS8w-ERPbmnjxJyvkEyrI9lOCpzGYB3O4VuVeVTxd7cXhWPJaSrh6PA6dLxEYYq5Wf5R9iKLa7h805Nu5RBSnPGz1gORb-dPX-iZa9G64PoezBCllRK62jIW7OYD6MswRwZeQ_Lrx6U8RmNCRQGZq_cf96EU57zm__JzBoVPsOt24oXXETboCj-eu9OsNrN_zqKP0VDgbRzMEacqPR8_7_8DSQVAMpy-1XZ6CytpCMOa7t0fQJZxDz/http%3A%2F%2Fwww.mBank.pl, > e-mail: [email protected]. District Court for the Capital City of Warsaw, > 12th Commercial Division of the National Court Register, KRS 0000025237, > NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN > 169,248,488 as at 1 January 2018. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ********************************************************************** > IMPORTANT: This e-mail is for the use of the intended recipient only and > may contain information that is confidential, commercially valuable and/or > subject to legal or parliamentary privilege. If you are not the intended > recipient you are notified that any review, re-transmission, disclosure, > dissemination or other use of, or taking of any action in reliance upon, > this information is prohibited and may result in severe penalties. If you > have received this e-mail in error please notify the sender immediately and > delete all electronic and hard copies of this transmission together with > any attachments. Please consider the environment before printing this > e-mail > ********************************************************************** > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
