Re: Mainframes open to internet attacks?

2015-08-29 Thread David Crayford
I can't say I've tried it but this simple python script looks like it 
could do some damage https://github.com/mainframed/MFDoS.


On 29/08/2015 2:05 PM, Rob Schramm wrote:

Not necessarily.  Assumptions are definitely being made.

Rob Schramm

On Fri, Aug 28, 2015, 9:59 PM David Crayford dcrayf...@gmail.com wrote:


On 29/08/2015 5:56 AM, Charles Mills wrote:

http://mainframesproject.tumblr.com/

That really is a hall of shame! If you can access telnet then you can
disrupt the system with a DDoS attack.


Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]

On Behalf Of Scott Ford

Sent: Friday, August 28, 2015 1:42 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

I think the dude who wrote the article was looking for money or being a
name in the industry.  Every Z system I have been on you could not get to a
login screen that easy. That's about 20+ shops, so dude give us details no
fluff

Scott

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



Re: Mainframes open to internet attacks?

2015-08-29 Thread Rob Schramm
Not necessarily.  Assumptions are definitely being made.

Rob Schramm

On Fri, Aug 28, 2015, 9:59 PM David Crayford dcrayf...@gmail.com wrote:

 On 29/08/2015 5:56 AM, Charles Mills wrote:
  http://mainframesproject.tumblr.com/

 That really is a hall of shame! If you can access telnet then you can
 disrupt the system with a DDoS attack.

 
  Charles
 
  -Original Message-
  From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
 On Behalf Of Scott Ford
  Sent: Friday, August 28, 2015 1:42 PM
  To: IBM-MAIN@LISTSERV.UA.EDU
  Subject: Re: Mainframes open to internet attacks?
 
  I think the dude who wrote the article was looking for money or being a
 name in the industry.  Every Z system I have been on you could not get to a
 login screen that easy. That's about 20+ shops, so dude give us details no
 fluff
 
  Scott
 


Re: Mainframes open to internet attacks?

2015-08-29 Thread R.S.

On 2015-08-29 at 03:59, David Crayford wrote:

On 29/08/2015 5:56 AM, Charles Mills wrote:

http://mainframesproject.tumblr.com/


That really is a hall of shame! If you can access telnet then you can 
disrupt the system with a DDoS attack.

Not every system is a production system. Not every production system is 
really important for its owner.

I repeat: I know a system where you can obtain a TSO account for free.

--
Radoslaw Skorupka
Lodz, Poland






--
This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.

mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950 Warszawa, 
www.mBank.pl, e-mail: kont...@mbank.pl
District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court 
Register, entrepreneur register no. KRS 025237, NIP: 526-021-50-88. 
As of 01.01.2015 the share capital of mBank S.A. (fully paid up) 
amounts to 168.840.228 zlotys.




Re: Mainframes open to internet attacks?

2015-08-28 Thread Meir Zohar
Hi All 

I completely agree with Phil - the issue is not whether the Mainframe is open 
to the Internet - it’s an issue of complacency vs. correct configuration. 
Too many C*O types are so focused on the availability aspect of CIA that they 
downplay the risks to the other aspects of that triad - particularly on Z.
Assuming z/OS is safe - does not make it so - and ignoring the various 
vulnerabilities (misconfiguration, under or mis-staffing, lack of controls, 
lack of SLCM/DLCM, lack of anything else that's required) - does not make 
them go away. 
This is not true in every case, but I too have seen TSO users with minimal 
capabilities owning the system - in under two hours.  
If you have security assessments regularly - you'll always find something. Your 
goal should be to make your external auditor work really hard to find what 
you've forgotten :-) 

MZ



-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Phil
Sent: Friday, August 28, 2015 8:26 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

Hi All, 

I’m actually the person interviewed in this (frankly overblown) article. 
Thankfully I had a chance to talk again about this project here: 
https://www.bostonglobe.com/ideas/2015/08/13/remote-corner-internet-art-sprouts/joPVVFqBnctHanbtUBLhzL/story.html

Radoslaw, I’m so glad you were able to attend one of my talks (was it the 
Skytalks or BSidesLV?). However, I think you misunderstood the point I was 
trying to make. I’ve constantly touted how stupid the information security 
industry has been in thinking mainframes were old and obsolete. See this 
article about one of my first talks from two years ago: 
http://www.darkreading.com/attacks-breaches/cutting-through-the-mystique-of-testing-the-mainframe/d/d-id/1140239
My story hasn’t really changed since. My toolset has, and participation is 
slowly increasing, but not fast enough. In fact, my co-speaker and I, at the 
most recent DEFCON, were making fun of the audience for not knowing what CICS 
was despite how important it likely was to their daily lives. 

On the topic of whether they are secure or not, that's up to the implementation. 
I know of someone who claims ‘give me an account and I can own your mainframe’. 
He doesn’t do it through magical 0-days, he’s using misconfigurations and easy 
to access tools (for example, in one instance he found a surrogate profile for 
an account with system special open to everyone because it was an ‘emergency 
id’). But this is true of any platform. zLinux is just as secure as z/OS, if 
both are configured correctly. 

Finally, on to the ‘art project’ as I like to call it. Back, long ago, when I 
was on x.25 networks looking for things to play with I might encounter a screen 
like these. I just find them amazing and beautiful (and a little nostalgic to 
be honest). Having them be on the internet doesn’t really matter, if they are 
configured correctly. My assumption is that they are on the internet on purpose 
and are no different than a staff landing page (for example: 
https://fs.aircanada.ca/idp/SSO.saml2, 
I found this through literally 1 second on google). 

If you want to see other interesting ‘things’ on the internet check out SHODAN’s 
twitter feed for devices like ‘Lake Pumping Stations’ and ‘Skilift in France’: 
https://twitter.com/shodanhq

I realize this is likely way off-topic for this discussion list but feel free 
to email me if you have questions or concerns (or are interested in how I did 
it).

Phil


 On Aug 27, 2015, at 9:00 PM, IBM-MAIN automatic digest system 
 lists...@listserv.ua.edu wrote:
 
 Date:Thu, 27 Aug 2015 17:38:05 +0200
 From:R.S. r.skoru...@bremultibank.com.pl
 Subject: Re: Mainframes open to internet attacks?
 
 On 2015-08-19 at 00:26, Robert Harrison wrote:
 From technologyreview.com:
 
 http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/
 
 Really?
 
 What I understood from the lecture:
 a) mainframes are old, obsolete, but unfortunately sometimes still in 
 use
 - which is a sin.
 b) mainframes are insecure
 c) some mainframes are directly accessible from Internet, by mistake of 
 course.
 
 What I mean:
 a) & b) - IMHO obvious ;-)
 
 c) IMHO it is bad idea to make any system directly accessible from 
 Internet. Mainframe, any kind of Unix, Linux, Windows...
 Some exceptions do apply but it's still

Re: Mainframes open to internet attacks?

2015-08-28 Thread R.S.

On 2015-08-28 at 06:19, Timothy Sipples wrote:

Radoslaw Skorupka wrote:

c) IMHO it is bad idea to make any system directly accessible from
Internet. Mainframe, any kind of Unix, Linux, Windows...

Which leaves...what? Is Wang still selling machines? (But those were
systems, too...)


Well...
OS/2 and its successor eComStation
VMS aka OpenVMS
OS/400

(now more funny answers)
iOS
Android
PC DOS (it's hard to find a server working under DOS, but...)
BeOS
NetWare
FreeBSD
QNX



--
Radoslaw Skorupka
Lodz, Poland








Re: Mainframes open to internet attacks?

2015-08-28 Thread Klan, Rob (RET-DAY)
Compared to what?

compared to a mainframe locked in a vault.


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Shmuel Metz (Seymour J.)
Sent: Thursday, August 27, 2015 7:23 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

In 55df2edd.5090...@bremultibank.com.pl, on 08/27/2015
   at 05:38 PM, R.S. r.skoru...@bremultibank.com.pl said:

What I understood from the lecture:
a) mainframes are old, obsolete, but unfortunately sometimes still in 
use  - which is a sin.

If they do the job as well as or better than available alternatives then 
they're not obsolete.

b) mainframes are insecure

Compared to what? 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)



Re: Mainframes open to internet attacks?

2015-08-28 Thread R.S.

On 2015-08-28 at 14:12, John McKown wrote:


The die hard AmigaDOS people will be wanting an apology for being ignored
  -- yet again. The CP/M people have all died, so no worries from them.
[grin].


Well, I still have a working CP/M machine and feel quite alive. However I 
never tried to connect it to the Internet.

(yes, it's Friday...)

--
Radoslaw Skorupka
Lodz, Poland








Re: Mainframes open to internet attacks?

2015-08-28 Thread John McKown
On Fri, Aug 28, 2015 at 3:02 AM, R.S. r.skoru...@bremultibank.com.pl
wrote:

 On 2015-08-28 at 06:19, Timothy Sipples wrote:

 Radoslaw Skorupka wrote:

 c) IMHO it is bad idea to make any system directly accessible from
 Internet. Mainframe, any kind of Unix, Linux, Windows...

 Which leaves...what? Is Wang still selling machines? (But those were
 systems, too...)


 Well...
 OS/2 and its successor eComStation
 VMS aka OpenVMS
 OS/400

 (now more funny answers)
 iOS
 Android
 PC DOS (it's hard to find a server working under DOS, but...)
 BeOS
 NetWare
 FreeBSD


The NetBSD and OpenBSD projects will have their seconds call on you for
ignoring them.

QNX


The die hard AmigaDOS people will be wanting an apology for being ignored
 -- yet again. The CP/M people have all died, so no worries from them.
[grin]. But the real danger from omitting someone is from the Mac OSX
people. They tend to be fanatics.





 --
 Radoslaw Skorupka
 Lodz, Poland


-- 

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! 
John McKown



Re: Mainframes open to internet attacks?

2015-08-28 Thread David Crayford

On 29/08/2015 5:56 AM, Charles Mills wrote:

http://mainframesproject.tumblr.com/


That really is a hall of shame! If you can access telnet then you can 
disrupt the system with a DDoS attack.




Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Scott Ford
Sent: Friday, August 28, 2015 1:42 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

I think the dude who wrote the article was looking for money or being a name in the 
industry.  Every Z system I have been on you could not get to a login screen that easy. 
That's about 20+ shops, so dude give us details no fluff

Scott



Re: Mainframes open to internet attacks?

2015-08-28 Thread Charles Mills
http://mainframesproject.tumblr.com/ 

Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Scott Ford
Sent: Friday, August 28, 2015 1:42 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

I think the dude who wrote the article was looking for money or being a name in 
the industry.  Every Z system I have been on you could not get to a login 
screen that easy. That's about 20+ shops, so dude give us details no fluff

Scott



Re: Mainframes open to internet attacks?

2015-08-28 Thread Scott Ford
I think the dude who wrote the article was looking for money or being a name
in the industry.  Every Z system I have been on you could not get to a
login screen that easy. That's about 20+ shops, so dude give us details no
fluff

Scott

On Friday, August 28, 2015, R.S. r.skoru...@bremultibank.com.pl wrote:

 On 2015-08-28 at 14:12, John McKown wrote:


 The die hard AmigaDOS people will be wanting an apology for being ignored
   -- yet again. The CP/M people have all died, so no worries from them.
 [grin].


 Well, I still have a working CP/M machine and feel quite alive. However I
 never tried to connect it to the Internet.
 (yes, it's Friday...)

 --
 Radoslaw Skorupka
 Lodz, Poland








Re: Mainframes open to internet attacks?

2015-08-27 Thread R.S.

On 2015-08-19 at 00:26, Robert Harrison wrote:

From technologyreview.com:

http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/

Really?


What I understood from the lecture:
a) mainframes are old, obsolete, but unfortunately sometimes still in use 
- which is a sin.

b) mainframes are insecure
c) some mainframes are directly accessible from Internet, by mistake of 
course.


What I mean:
a) & b) - IMHO obvious ;-)

c) IMHO it is bad idea to make any system directly accessible from 
Internet. Mainframe, any kind of Unix, Linux, Windows...
Some exceptions do apply but it's still platform-irrelevant. What is 
relevant is the protocol. TN3270 over TLS/SSL is better than any kind of 
telnet, etc.
I'm aware of a mainframe z/OS installation which offers a free TSO account to 
anyone.


BTW: There is plenty of other open stuff on the Net, for example 
internet cameras. I mean CCTV installed in shops, lifts, etc. I saw a 
webpage which collected such cameras, i.e. I saw a shoe shop in my city. ;-)


--
Radoslaw Skorupka
Lodz, Poland








Re: Mainframes open to internet attacks?

2015-08-27 Thread Shmuel Metz (Seymour J.)
In 55df2edd.5090...@bremultibank.com.pl, on 08/27/2015
   at 05:38 PM, R.S. r.skoru...@bremultibank.com.pl said:

What I understood from the lecture:
a) mainframes are old, obsolete, but unfortunately sometimes still in
use  - which is a sin.

If they do the job as well as or better than available alternatives
then they're not obsolete.

b) mainframes are insecure

Compared to what? 
-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)



Re: Mainframes open to internet attacks?

2015-08-27 Thread Timothy Sipples
Radoslaw Skorupka wrote:
c) IMHO it is bad idea to make any system directly accessible from
Internet. Mainframe, any kind of Unix, Linux, Windows...

Which leaves...what? Is Wang still selling machines? (But those were
systems, too...)


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com



Re: Mainframes open to internet attacks?

2015-08-27 Thread Anne Lynn Wheeler
mike.a.sch...@gmail.com (Mike Schwab) writes:
 How about Multics?  Designed from the start to be multi-user and
 highly secure.

some of the CTSS people went to the 5th flr and did Multics. Other of
the CTSS people went to the IBM science center on the 4th flr and did
cp67/cms, the internal network, online services, etc. Being in the same
bldg. separated by one flr, there was some rivalry.

One of the early tests was when science center ported apl\360 to cms
for cms\apl ... it allowed typical apl\360 16kbyte workspaces to be
increased to virtual memory size ... and also added API that allowed
access of system services (like file read/write). Opening APL to
real-world applications attracted a lot of internal locations to start
using the cambridge system remotely. A group of business planners in
Armonk loaded the most valuable corporate asset (customer details) on
cambridge system to do business modeling applications in cms\apl.

we had some interesting issues since non-employees (cambridge area univ
students, instructors, professors) also had online access to the
cambridge system. some posts mentioning science center
http://www.garlic.com/~lynn/subtopic.html#545tech

some multics installations:
http://www.multicians.org/site-afdsc.html
http://www.multicians.org/mgd.html#DOCKMASTER

other old reference to DOCKMASTER org. (gone 404 but lives on at wayback
machine):
http://web.archive.org/web/20090117083033/http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml

and old reference to afds coming by to talk about 20 vm/4341 systems
... but then that was increased to 220 (posted in multics discussion
group)
http://www.garlic.com/~lynn/2001m.html#email790404

Recently a european that worked in NATO claimed that they got 6000
vm/4341 systems.

Note that Multics was implemented in PLI.

Up through the 90s, the major tcp/ip bugs/exploits were because of
buffer length related bugs epidemic in c-language implementations (and
still continues to be a frequent source of exploits). The original ibm
mainframe tcp/ip product was implemented in vs/pascal and had *none* of
these epidemic bugs found in c-language implementations.

As an aside, for various reasons this implementation had some
significant performance issues, getting 44kbytes/sec aggregate using
3090 processor. I did the rfc1044 enhancements and some tuning tests at
cray research got sustained channel speed throughput between cray and
4341, using only modest amount of 4341 (possibly 500 times improvement
in bytes moved per instruction executed). The (non-rfc1044) version was
also made available on MVS by simulating the required VM functions.
Much later the communication group contracted for TCP/IP support through
VTAM. After the initial demonstration, the communication group told the
contractor that everybody *knows* that a *correct* version of TCP/IP
runs slower than LU6.2 and they will only be paying for a *correct*
version.

I also had other rivalry with the 5th flr. One of my hobbies was
providing enhanced operating systems to internal locations ...  some old
email regarding CSC/VM (later it was SJR/VM, after I transferred to san
jose research):
http://www.garlic.com/~lynn/2006w.html#email750102
http://www.garlic.com/~lynn/2006w.html#email750430

It wasn't fair to compare the total number of Multics systems that had
ever existed with the total number of vm370 customer systems or even the
total number of internal vm370 systems. However, for a time, I had a few
more internal csc/vm systems than the total number of Multics systems.

-- 
virtualization experience starting Jan1968, online at home since Mar1970



Re: Mainframes open to internet attacks?

2015-08-27 Thread Phil
Hi All, 

I’m actually the person interviewed in this (frankly overblown) article. 
Thankfully I had a chance to talk again about this project here: 
https://www.bostonglobe.com/ideas/2015/08/13/remote-corner-internet-art-sprouts/joPVVFqBnctHanbtUBLhzL/story.html

Radoslaw, I’m so glad you were able to attend one of my talks (was it the 
Skytalks or BSidesLV?). However, I think you misunderstood the point I was 
trying to make. I’ve constantly touted how stupid the information security 
industry has been in thinking mainframes were old and obsolete. See this 
article about one of my first talks from two years ago: 
http://www.darkreading.com/attacks-breaches/cutting-through-the-mystique-of-testing-the-mainframe/d/d-id/1140239
My story hasn’t really changed since. My toolset has, and participation is 
slowly increasing, but not fast enough. In fact, my co-speaker and I, at the 
most recent DEFCON, were making fun of the audience for not knowing what CICS 
was despite how important it likely was to their daily lives. 

On the topic of whether they are secure or not, that’s up to the implementation. 
I know of someone who claims ‘give me an account and I can own your mainframe’. 
He doesn’t do it through magical 0-days, he’s using misconfigurations and easy 
to access tools (for example, in one instance he found a surrogate profile for 
an account with system special open to everyone because it was an ‘emergency 
id’). But this is true of any platform. zLinux is just as secure as z/OS, if 
both are configured correctly. 

Finally, on to the ‘art project’ as I like to call it. Back, long ago, when I 
was on x.25 networks looking for things to play with I might encounter a screen 
like these. I just find them amazing and beautiful (and a little nostalgic to 
be honest). Having them be on the internet doesn’t really matter, if they are 
configured correctly. My assumption is that they are on the internet on purpose 
and are no different than a staff landing page (for example: 
https://fs.aircanada.ca/idp/SSO.saml2, 
I found this through literally 1 second on Google). 

If you want to see other interesting ‘things’ on the internet check out SHODAN’s 
Twitter feed for devices like ‘Lake Pumping Stations’ and ‘Skilift in France’: 
https://twitter.com/shodanhq

I realize this is likely way off-topic for this discussion list but feel free 
to email me if you have questions or concerns (or are interested in how I did 
it).

Phil


 On Aug 27, 2015, at 9:00 PM, IBM-MAIN automatic digest system 
 lists...@listserv.ua.edu wrote:
 
 Date:    Thu, 27 Aug 2015 17:38:05 +0200
 From:    R.S. r.skoru...@bremultibank.com.pl
 Subject: Re: Mainframes open to internet attacks?
 
 On 2015-08-19 at 00:26, Robert Harrison wrote:
 From technologyreview.com:
 
 http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/
 
 Really?
 
 What I understood from the lecture:
 a) mainframes are old, obsolete, but unfortunately sometimes still in use 
 - which is a sin.
 b) mainframes are insecure
 c) some mainframes are directly accessible from Internet, by mistake of 
 course.
 
 What I mean:
 a) & b) - IMHO obvious ;-)
 
 c) IMHO it is a bad idea to make any system directly accessible from 
 Internet. Mainframe, any kind of Unix, Linux, Windows...
 Some exceptions do apply but it's still platform-irrelevant. What is 
 relevant is the protocol. TN3270 over TLS/SSL is better than any kind of 
 telnet, etc.
 I'm aware of a mainframe z/OS installation which offers a free TSO account to 
 anyone.
 
 BTW: There is plenty of other open stuff on the Net, for example 
 internet cameras. I mean CCTV installed in shops, lifts, etc. I saw a 
 webpage which collected such cameras, i.e. I saw a shoe shop in my city. ;-)
 
 -- 
 Radoslaw Skorupka
 Lodz, Poland
 
 
 
 
 
 

Re: Mainframes open to internet attacks?

2015-08-27 Thread Mike Schwab
How about Multics?  Designed from the start to be multi-user and highly secure.

On Thu, Aug 27, 2015 at 11:19 PM, Timothy Sipples sipp...@sg.ibm.com wrote:
 Radoslaw Skorupka wrote:
c) IMHO it is a bad idea to make any system directly accessible from
Internet. Mainframe, any kind of Unix, Linux, Windows...

 Which leaves...what? Is Wang still selling machines? (But those were
 systems, too...)

 
 Timothy Sipples
 IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
 E-Mail: sipp...@sg.ibm.com




-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?



Re: Mainframes open to internet attacks?

2015-08-19 Thread John McKown
On Wed, Aug 19, 2015 at 8:22 AM, Vince Coen vbc...@gmail.com wrote:

 Err you have to read this a little closer :

  leaders of the U.S. office of personal management .. explain 


 So these people experienced it, what exactly ?

 Knowledge of any form of IT !! ?

 There again could have done a simple search on Google and believed what
 they read on the internet and even worse via Google.


 There again when I see the date on Google I double check :)

 This shortly is a case of the blind leading the blind, no ?

 As for the case of mainframes being open to hacking - well any system can
 if the user name/password system is not maintained and likewise the front
 end concentrator not have its own security fully in place.

 High secure systems only accept user logins from known IP and MAC
 addresses that are pre-stored.

 As a remote worker these days I have to declare all computer kit I use to
 access client system with:

 My IP addresses


Good, but can be gotten around (with difficulty) if you can mess with the
host's ARP cache.



 The MAC code for each box


Easy to spoof a MAC address using a Linux machine.



 My encrypted password if their system can handle it - in my case I use
 1024 byte folded coding .


This is the best. I've not looked at this much, but it may be possible to
circumvent by a determined person with an MITM attack.

What I use for things such as GMail, GitHub, and Twitter is Two Factor
authentication. For GMail & GitHub, there is a Google app which is a
secure keyed time token generator. For Twitter, they SMS text a 6 digit
code to my phone. So for any of those sites, I must have my phone on me.
The place where I work _used_ to have a VPN with a dedicated secure token
key issued to you. Everybody had their own token key. You could use it only
to log on using your assigned id. Your key + other id == no connection. But
it was too expensive. And not a Microsoft solution. So bye-bye.




 Can't say I have found any one getting through those (so far).



 Vince
 IT since 1961.


-- 

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! 
John McKown



Re: Mainframes open to internet attacks?

2015-08-19 Thread Martin Packer
personal or personnel? Which makes the article writer or whoever was 
quoted another weak link in the chain. :-)

Cheers, Martin

Martin Packer,
zChampion, Principal Systems Investigator,
Worldwide Banking Center of Excellence, IBM

+44-7802-245-584

email: martin_pac...@uk.ibm.com

Twitter / Facebook IDs: MartinPacker
Blog: 
https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker



From:    Vince Coen vbc...@gmail.com
To:      IBM-MAIN@LISTSERV.UA.EDU
Date:    19/08/2015 14:22
Subject: Re: Mainframes open to internet attacks?
Sent by: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU



Err you have to read this a little closer :

 leaders of the U.S. office of personal management .. explain 


So these people experienced it, what exactly ?

Knowledge of any form of IT !! ?

There again could have done a simple search on Google and believed what 
they read on the internet and even worse via Google.


There again when I see the date on Google I double check :)

This shortly is a case of the blind leading the blind, no ?

As for the case of mainframes being open to hacking - well any system 
can if the user name/password system is not maintained and likewise the 
front end concentrator not have its own security fully in place.

High secure systems only accept user logins from known IP and MAC 
addresses that are pre-stored.

As a remote worker these days I have to declare all computer kit I use 
to access client system with:

My IP addresses
The MAC code for each box
My encrypted password if their system can handle it - in my case I use 
1024 byte folded coding .

Can't say I have found any one getting through those (so far).



Vince
IT since 1961.


On 19/08/15 13:59, Greg Shirey wrote:
 I'm still trying to figure this out:

 More recently, when leaders of the U.S. office of personal management 
appeared before Congress to explain how sensitive data on millions of 
federal employees was accessed by hackers, they pointed to decades-old 
code written in a programming language called COBOL.

 Any ideas how COBOL facilitated a hack on sensitive data?

 Regards,
 Greg Shirey
 Ben E. Keith Company

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On 
Behalf Of Meir Zohar
 Sent: Tuesday, August 18, 2015 11:08 PM
 To: IBM-MAIN@LISTSERV.UA.EDU
 Subject: Re: Mainframes open to internet attacks?

 Phil Young has been doing these talks for several years and some of the 
tools are posted on his Soldier of Fortran site.

 He is absolutely correct in that some sites are complacent in their "the 
mainframe is secure" attitude and that, like every other platform, z/OS 
requires a continuous evaluate-correct-test-rollout-rinse-repeat 
security cycle ...

 Since security implementation on z/OS, independent of the tool, is the 
realm of either the sysprog (with little time to deal with it on a daily 
basis) or the security staff (where dedicated z/OS specialists are few and 
far between) - this can and does lead to potential gaps in coverage.

 Ignoring the problem doesn't make it go away (however, Ashley Madison 
users' most sensitive information was never on z/OS).









Re: Mainframes open to internet attacks?

2015-08-19 Thread Vince Coen

Err you have to read this a little closer :

 leaders of the U.S. office of personal management .. explain 


So these people experienced it, what exactly ?

Knowledge of any form of IT !! ?

There again could have done a simple search on Google and believed what 
they read on the internet and even worse via Google.



There again when I see the date on Google I double check :)

This shortly is a case of the blind leading the blind, no ?

As for the case of mainframes being open to hacking - well any system 
can if the user name/password system is not maintained and likewise the 
front end concentrator not have its own security fully in place.


High secure systems only accept user logins from known IP and MAC 
addresses that are pre-stored.


As a remote worker these days I have to declare all computer kit I use 
to access client system with:


My IP addresses
The MAC code for each box
My encrypted password if their system can handle it - in my case I use 
1024 byte folded coding .


Can't say I have found any one getting through those (so far).



Vince
IT since 1961.


On 19/08/15 13:59, Greg Shirey wrote:

I'm still trying to figure this out:

More recently, when leaders of the U.S. office of personal management appeared 
before Congress to explain how sensitive data on millions of federal employees was 
accessed by hackers, they pointed to decades-old code written in a programming language 
called COBOL.

Any ideas how COBOL facilitated a hack on sensitive data?

Regards,
Greg Shirey
Ben E. Keith Company

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Meir Zohar
Sent: Tuesday, August 18, 2015 11:08 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

Phil Young has been doing these talks for several years and some of the tools 
are posted on his Soldier of Fortran site.

He is absolutely correct in that some sites are complacent in their "the mainframe is 
secure" attitude and that, like every other platform, z/OS requires a continuous 
evaluate-correct-test-rollout-rinse-repeat security cycle ...

Since security implementation on z/OS, independent of the tool, is the realm of 
either the sysprog (with little time to deal with it on a daily basis) or the 
security staff (where dedicated z/OS specialists are few and far between) - 
this can and does lead to potential gaps in coverage.

Ignoring the problem doesn't make it go away (however, Ashley Madison users' most 
sensitive information was never on z/OS).





Re: Mainframes open to internet attacks?

2015-08-19 Thread Greg Shirey
I'm still trying to figure this out: 

More recently, when leaders of the U.S. office of personal management appeared 
before Congress to explain how sensitive data on millions of federal employees 
was accessed by hackers, they pointed to decades-old code written in a 
programming language called COBOL.

Any ideas how COBOL facilitated a hack on sensitive data?   

Regards,
Greg Shirey
Ben E. Keith Company 

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Meir Zohar
Sent: Tuesday, August 18, 2015 11:08 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Mainframes open to internet attacks?

Phil Young has been doing these talks for several years and some of the tools 
are posted on his Soldier of Fortran site. 

He is absolutely correct in that some sites are complacent in their "the 
mainframe is secure" attitude and that, like every other platform, z/OS 
requires a continuous evaluate-correct-test-rollout-rinse-repeat security 
cycle ...  

Since security implementation on z/OS, independent of the tool, is the realm of 
either the sysprog (with little time to deal with it on a daily basis) or the 
security staff (where dedicated z/OS specialists are few and far between) - 
this can and does lead to potential gaps in coverage. 

Ignoring the problem doesn't make it go away (however, Ashley Madison users' 
most sensitive information was never on z/OS). 




Re: Mainframes open to internet attacks?

2015-08-18 Thread Rob Schramm
Soldier of Fortran site had links to all this.  I don't think any of the
information is new.

Rob Schramm

On Tue, Aug 18, 2015, 7:15 PM Charles Mills charl...@mcn.org wrote:

 Really. In 2012 Logica, a mainframe service bureau in Sweden, suffered a
 disastrous hack that involved government agency files, credit cards, and
 social security numbers. The entry was via an online legal database that
 was accessible via browser from the Internet, and which turned out to be
 vulnerable to the CGI remote command execution vulnerability. The hack was
 a crisis for Logica that ultimately required international diplomacy to
 stop as the hacker had so many privileged RACF userids that if they revoked
 one, he simply used another and created ten more. Per Gottfrid Svartholm
 Warg, alias anakata, co-founder of The Pirate Bay, a media sharing site,
 was convicted of the breach, and also of breaching a CSC mainframe in
 Denmark, in which EU international police records among others were
 exfiltrated. (Referenced in the article you cite.)

 Charles

 -Original Message-
 From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
 Behalf Of Robert Harrison
 Sent: Tuesday, August 18, 2015 3:27 PM
 To: IBM-MAIN@LISTSERV.UA.EDU
 Subject: Mainframes open to internet attacks?

 From technologyreview.com:


 http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/

 Really?





Re: Mainframes open to internet attacks?

2015-08-18 Thread Meir Zohar
Phil Young has been doing these talks for several years and some of the tools 
are posted on his Soldier of Fortran site. 

He is absolutely correct in that some sites are complacent in their "the 
mainframe is secure" attitude and that, like every other platform, z/OS 
requires a continuous evaluate-correct-test-rollout-rinse-repeat security 
cycle ...  

Since security implementation on z/OS, independent of the tool, is the realm of 
either the sysprog (with little time to deal with it on a daily basis) or the 
security staff (where dedicated z/OS specialists are few and far between) - 
this can and does lead to potential gaps in coverage. 

Ignoring the problem doesn't make it go away (however, Ashley Madison users' 
most sensitive information was never on z/OS). 


MZ

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Robert Harrison
Sent: Wednesday, August 19, 2015 1:27 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Mainframes open to internet attacks?

From technologyreview.com:

http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/

Really?

Robert Harrison




Re: Mainframes open to internet attacks?

2015-08-18 Thread Mark Post
 On 8/18/2015 at 06:26 PM, Robert Harrison robert.harri...@omes.ok.gov 
 wrote:

 From technologyreview.com:
 
 http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/
 
 Really?

Yes, really.  Phil Young isn't the only one that talks about this.  Mark Wilson 
at SHARE in Orlando had a good session about (the lack of) good mainframe 
security at a lot of shops he consults with.


Mark Post



Re: Mainframes open to internet attacks?

2015-08-18 Thread Mark Post
 On 8/18/2015 at 06:26 PM, Robert Harrison robert.harri...@omes.ok.gov 
 wrote:

 From technologyreview.com:
 
 http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/

It's fun to read the comments on that article, denying that there's any sort of 
real security problem.  They're just:
- Site configuration issues.
- Taken care of by the hardware
- Not a problem, I've never had a breach on my system.

That's a small subset of the litany Mark Wilson receives from just about every 
customer right before he breaches their z/OS system.  To be fair, the first 
bullet configuration issue is pretty accurate.  A lot of the things talked 
about were the result of things not being set up 100% tight.  The problem is 
that the environments are so complex, and involve so many different people or 
groups, it's nearly impossible to nail down everything correctly.  His, and 
Phil Young's, main message is simply denying a problem exists won't protect 
you.  You have to check, and re-check, and re-check, and ...


Mark Post
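
The "check, and re-check" advice above applies directly to the misconfiguration Phil describes elsewhere in this thread: a surrogate profile for a system-special "emergency id" left open to everyone. The following is an added example, not code from any poster or from RACF tooling, that audits SURROGAT-class profiles for privileged user IDs anyone can use. The record layout, user IDs and helper names are constructed for illustration; real input would come from a RACF database unload.

```python
import re

# RACF access levels, lowest to highest authority.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]
# Attributes treated as privileged here (an assumption; extend to suit the site).
PRIVILEGED = {"SPECIAL", "OPERATIONS"}

# Constructed sample data, not a real RACF unload layout.
USERS = {
    "EMERG01": {"SPECIAL"},            # the "emergency id" case from the thread
    "SECADM2": {"SPECIAL"},
    "SYSADM1": {"SPECIAL", "OPERATIONS"},
    "BATCH01": set(),
}
SURROGAT_PROFILES = [
    {"name": "EMERG01.SUBMIT", "uacc": "READ", "acl": {}},
    {"name": "SYSADM1.SUBMIT", "uacc": "NONE", "acl": {"SECGRP": "READ"}},
    {"name": "BPX.SRV.SYSADM1", "uacc": "NONE", "acl": {"*": "READ"}},
    {"name": "BATCH01.SUBMIT", "uacc": "READ", "acl": {}},
    {"name": "*.SUBMIT", "uacc": "READ", "acl": {}},
]


def open_to_everyone(profile, needed="READ"):
    """Return why every user can use this profile, or None if it is restricted."""
    floor = LEVELS.index(needed)
    if LEVELS.index(profile["uacc"]) >= floor:
        return "UACC(%s)" % profile["uacc"]
    star = profile["acl"].get("*")          # ID(*) = all RACF-defined users
    if star and LEVELS.index(star) >= floor:
        return "ID(*) %s" % star
    return None


def generic_to_regex(name):
    """Simplified RACF generic matching: % one char, * one qualifier, ** any."""
    table = {"**": ".*", "*": "[^.]*", "%": "[^.]"}
    parts = re.split(r"(\*\*|\*|%)", name)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")


def audit(users, profiles):
    """List (user, resource, profile, reason) where a privileged ID is exposed."""
    discrete = {p["name"]: p for p in profiles if not re.search(r"[*%]", p["name"])}
    generic = [p for p in profiles if re.search(r"[*%]", p["name"])]
    findings = []
    for user in sorted(users):
        if not users[user] & PRIVILEGED:
            continue
        for resource in (user + ".SUBMIT", "BPX.SRV." + user):
            if resource in discrete:
                # A discrete profile takes precedence over any generic one.
                covering = [discrete[resource]]
            else:
                # Simplification: report every matching generic; RACF itself
                # would apply only the most specific one.
                covering = [g for g in generic
                            if generic_to_regex(g["name"]).match(resource)]
            for profile in covering:
                reason = open_to_everyone(profile)
                if reason:
                    findings.append((user, resource, profile["name"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(USERS, SURROGAT_PROFILES):
        print("EXPOSED: %s via %s (profile %s, %s)" % finding)
```

SECADM2 has no profile of its own and is exposed only through the generic `*.SUBMIT`, which is the case a per-ID review tends to miss.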



Re: Mainframes open to internet attacks?

2015-08-18 Thread Charles Mills
Really. In 2012 Logica, a mainframe service bureau in Sweden, suffered a 
disastrous hack that involved government agency files, credit cards, and social 
security numbers. The entry was via an online legal database that was 
accessible via browser from the Internet, and which turned out to be vulnerable 
to the CGI remote command execution vulnerability. The hack was a crisis for 
Logica that ultimately required international diplomacy to stop as the hacker 
had so many privileged RACF userids that if they revoked one, he simply used 
another and created ten more. Per Gottfrid Svartholm Warg, alias anakata, 
co-founder of The Pirate Bay, a media sharing site, was convicted of the 
breach, and also of breaching a CSC mainframe in Denmark, in which EU 
international police records among others were exfiltrated. (Referenced in the 
article you cite.)

Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Robert Harrison
Sent: Tuesday, August 18, 2015 3:27 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Mainframes open to internet attacks?

From technologyreview.com:

http://www.technologyreview.com/news/540011/mainframe-computers-that-handle-our-most-sensitive-data-are-open-to-internet-attacks/

Really?
