How many vulnerabilities have you seen that did not come down to people? Those sysprogs are just the tip of the iceberg as far as configuration, enforcement, management, policy, procedure, protocol and training vulnerabilities are concerned. Yes, I've seen code vulnerabilities, but they're ju8st noise compared to the other isswues.
I come at this from the other end; when I had RACF SPECIAL I refused to give myself UID(0) because it was an unnecessary risk. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of ITschak Mugzach <[email protected]> Sent: Thursday, June 6, 2019 4:30 PM To: [email protected] Subject: Re: Just how secure are mainframes? | Trevor Eddolls [SEC=UNOFFICIAL] Seymour, i have seen sysprogs in few sites that are convinced that you need read access to racf / tss db in order to be an admin or even for query only. ITscahk בתאריך יום ה׳, 6 ביוני 2019, 19:31, מאת Seymour J Metz <[email protected]>: > ITYM any shop that allows general user access to the RACF DB deserves to > be cracked. There's nothing magic about IEBGENER. Access to sensitive > information should be limited to those who need it. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf > of Jones, Phil <[email protected]> > Sent: Wednesday, June 5, 2019 9:29 PM > To: [email protected] > Subject: Re: Just how secure are mainframes? | Trevor Eddolls > [SEC=UNOFFICIAL] > > At the risk of being controversial, I think that any z/OS site that allows > general utility access to the RACF DB almost DESERVES to be hacked... > > Regards; Phil J. > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf > Of R.S. > Sent: Thursday, 6 June 2019 2:41 AM > To: [email protected] > Subject: Re: Just how secure are mainframes? | Trevor Eddolls > > W dniu 2019-06-02 o 21:48, ITschak Mugzach pisze: > > Sory to inform you: there are such SVCs available for download. I > > think there is one on the cbttape . > > While such code is available for download it is not available for install. > Otherwise we talk about mistakes in configurations => human problem, not > platform weakness. > > BTW: I know very dangerous tool for hacking RACFdb and passwords: > IEBGENER. You run IEBGENER, put RACFdb in SYSUT1, then transfer SYSUT2 > content directly to some hack site and voila. > > -- > Radoslaw Skorupka > Lodz, Poland > > > > > ====================================================================== > > Jeśli nie jesteś adresatem tej wiadomości: > > - powiadom nas o tym w mailu zwrotnym (dziękujemy!), > - usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub > zapisałeś na dysku). > Wiadomość ta może zawierać chronione prawem informacje, które może > wykorzystać tylko adresat.Przypominamy, że każdy, kto rozpowszechnia > (kopiuje, rozprowadza) tę wiadomość lub podejmuje podobne działania, > narusza prawo i może podlegać karze. > > mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, > http://secure-web.cisco.com/155_aQOAoYRplWsWRrv0Iz9uLpzX7mTLneLQ8ackg2-7lXx5ujQdijuIMoETyiMbzgjTFCJa2J3NXb9EMEnPGmdfY2GgS7Bx6YWmKwA7D0OecYPlYtL-mw_lbfL0q2ngrXUNYxVbK1BHFkORXi79SprF9LDKOLsqXBEjByUck_pvgN-tbnRPa9M7zkvFO0A_CObnOwjlVO-yS8w-ERPbmnjxJyvkEyrI9lOCpzGYB3O4VuVeVTxd7cXhWPJaSrh6PA6dLxEYYq5Wf5R9iKLa7h805Nu5RBSnPGz1gORb-dPX-iZa9G64PoezBCllRK62jIW7OYD6MswRwZeQ_Lrx6U8RmNCRQGZq_cf96EU57zm__JzBoVPsOt24oXXETboCj-eu9OsNrN_zqKP0VDgbRzMEacqPR8_7_8DSQVAMpy-1XZ6CytpCMOa7t0fQJZxDz/http%3A%2F%2Fwww.mBank.pl, > e-mail: [email protected]. Sąd Rejonowy dla m. st. Warszawy XII Wydział > Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237, NIP: > 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na > 01.01.2018 r. wynosi 169.248.488 złotych. > > If you are not the addressee of this message: > > - let us know by replying to this e-mail (thank you!), > - delete this message permanently (including all the copies which you have > printed out or saved). > This message may contain legally protected information, which may be used > exclusively by the addressee.Please be reminded that anyone who > disseminates (copies, distributes) this message or takes any similar > action, violates the law and may be penalised. > > mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950 > Warszawa, > http://secure-web.cisco.com/155_aQOAoYRplWsWRrv0Iz9uLpzX7mTLneLQ8ackg2-7lXx5ujQdijuIMoETyiMbzgjTFCJa2J3NXb9EMEnPGmdfY2GgS7Bx6YWmKwA7D0OecYPlYtL-mw_lbfL0q2ngrXUNYxVbK1BHFkORXi79SprF9LDKOLsqXBEjByUck_pvgN-tbnRPa9M7zkvFO0A_CObnOwjlVO-yS8w-ERPbmnjxJyvkEyrI9lOCpzGYB3O4VuVeVTxd7cXhWPJaSrh6PA6dLxEYYq5Wf5R9iKLa7h805Nu5RBSnPGz1gORb-dPX-iZa9G64PoezBCllRK62jIW7OYD6MswRwZeQ_Lrx6U8RmNCRQGZq_cf96EU57zm__JzBoVPsOt24oXXETboCj-eu9OsNrN_zqKP0VDgbRzMEacqPR8_7_8DSQVAMpy-1XZ6CytpCMOa7t0fQJZxDz/http%3A%2F%2Fwww.mBank.pl, > e-mail: [email protected]. District Court for the Capital City of Warsaw, > 12th Commercial Division of the National Court Register, KRS 0000025237, > NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN > 169,248,488 as at 1 January 2018. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ********************************************************************** > IMPORTANT: This e-mail is for the use of the intended recipient only and > may contain information that is confidential, commercially valuable and/or > subject to legal or parliamentary privilege. If you are not the intended > recipient you are notified that any review, re-transmission, disclosure, > dissemination or other use of, or taking of any action in reliance upon, > this information is prohibited and may result in severe penalties. If you > have received this e-mail in error please notify the sender immediately and > delete all electronic and hard copies of this transmission together with > any attachments. Please consider the environment before printing this > e-mail > ********************************************************************** > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
