Old spool exit hack MVS/ESA and JES3, UK big bank Nasty Wetmonster.
We had the usual assortment of exits and mods. We had a problem with jobs throwing excessive amounts of output to spool. The answer was surprisingly simple--put a STIMER (not STIMERM SET) in the exit, which slowed down that job to let everything else run normally, without any nasty side effects. Roo On Sat, 22 Jun 2019, 16:58 Donald Blake, <[email protected]> wrote: > If a company can't afford to do computing correctly, and that includes > doing it securely, they shouldn't have computers in house in the first > place. Particularly medical related companies such as hospitals. That's a > HIPPA violation waiting to happen. Which in the US, carries potentially > severe consequences. > > Date: Fri, 21 Jun 2019 13:33:39 +0300 > From: ITschak Mugzach <[email protected]> > Subject: Re: mainframe hacking "success stories"? > > Radoslav, > > Many clients I visited allows local admin authority on windows workstation > to the machine user for ease of management. However, we get clients monthly > reports on success and failures from some clients of us. Most of them > respond well to attacks and block them, so even their workstations are > protected. > > I believe it is a question of budget. Banks can afford protection that > hospitals can't (and bankers can afford better medical treatment than > others...). If you look at the names of clients that were hit by such > attach, it is almost always a client that can't afford a complete security > systems. > > On the mainframe, only few datasets are owned by en users, most of them are > not significant to the user (ISPF temporary datasets, some "on work" job or > source code libraries that most of them are on the change management store, > etc.). How many DB2 data tables can be updated by human clients directly? > Near if not zero. So,from the attacker point of view, no much to > encrypt,unless he get a service account. This is more complex to perform. > > and as I always say, security cost you a lot, but if it works, managers > doesn't see the value of it. > > ITschak > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
