I am not aware of any documented case where VM has been penetrated by hackers (a term to which I take strong exception).
The use of a looping channel program is not a system penetration as such, as the person responsible was also authorized to the system, but was rather a misuse of the authority granted to that person. Every case of an external break-in to a VM system has been due to either: 1) Not changing the IBM-supplied installation passwords; or 2) The use of poor password choices (an actual example was a Userid of BIGMAC and a Password of BURGER). 3) The unauthorized provision of a password to an external user by an internal user. There have been numerous cases of bugs in the VM code bringing down the system. For example, when IBM first introduced the "Remote Dial" capability (VM/SP r2?), I was at a site which participated in the BETA of that code. If one graphic terminal on one remote 327x controller dialed into a virtual graphic controller on a virtual machine, everything worked fine. Unfortunately, this was apparently the only configuration tested by IBM. For example, if two graphic terminals on two different remote 327x controllers dialed into the same virtual graphic controller on the same virtual machine, the whole VM system came crashing down around our ears. It took months to track down the problem and get it resolved. I suppose that a remote user could have dialed in maliciously in order to cause a system failure. However, I don't feel that such a scenario passes the smell test. As I indicated, I am aware of no case where a VM system has been "penetrated" by hackers (objection reiterated). John P Baker
