Seymour has it right.
Sent from Yahoo Mail for iPhone
On Monday, June 3, 2019, 12:42 PM, Seymour J Metz wrote:
This whole thread has consistently confused several very different issues:
1. How secure is z/OS itself?
2. How secure is 3rd party software?
3. How secure is the typical shop
40 years on numerous mainframes at more than a dozen companies and we’ve never
been hacked and never had any need for penetration testing.
Sent from Yahoo Mail for iPhone
On Monday, June 3, 2019, 11:54 AM, Clark Morris wrote:
[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
Lol, yeah, because the more someone posts, the smarter they are!!! I’ve got
more experience than him, in all facets of the mainframe. In many industries. I
couldn’t care less who you believe or trust. I don’t sell security, he does. In
my experience on this site, the IBMers are the ones I pay
Compuware's ThruPut Manager also has the ability to detect which procs are
being used and where they came from.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the
I would not convert it to LE.
I have strong feelings that any system tool like this must be able to
run in a crippled system with as little support from the OS as possible.
As an opinion, I think that simple programs like this should not be
converted to base-less programming either. One,
The command D IPLINFO,any-sysparm-keyword displays only the member suffix in
effect at IPL. So the command
D IPLINFO,MSTRJCL
returns only '00'. It does not indicate the contents of MSTJCL00 at IPL time.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
So, what I see that needs to be done to get this work done is:
Cobol program does its processing, calls a paragraph in itself.
This paragraph strings the needed information to a large character
data area in XML format.
variable1-name variable1-value
variable2-name variable2-value
etc.
It calls a
How was a mainframe breach detected? A TSOID trying to access a ton
of files they didn't have access too.
(link to Share PDF 'how hackers breached a government (and a bank)' by
Soldier of Fortran below.)
On Mon, 3 Jun 2019 16:52:14 +, Seymour J Metz wrote:
>> I know of no documented interface, not even including EXECOM,
>>to extract a complete description of the data represented by a Rexx compound
>>symbol.
>
>What's wrong with IRXEXCOM and IKJCT441?
>
Imagine that a black box, possibly
On Mon, 3 Jun 2019 17:23:35 +, Seymour J Metz wrote:
>No, I mean that SDSF would have to accept a parameter for the associative
>array and have some way to update it. Only after IBM implements can can they
>provide for calling SDSF from COBOL. The hard part is updating SDSF.
>
Or bridge
Have no idea about MultiCS, but can comment on 2 & 3 as I've seen many
installations here and in EU.
1. The best way is to check the product after it was installed by the
sysprog. I noticed that some of them skip installation steps. When it comes
to products that depend on USS, it can be
>From an secure infrastructure view
You can do everything right and have it go wrong.
You can do everything wrong and never have an issue.
Going forward, how do we make everything secure enough so a user writing down a
password on a screen Post-it note, doesn't matter? I believe we have
Certainly Multics as well hardened, and definitely more secure than
contemporaneous MVS. I don't know how it compares to MVS in 2019. Multic would
have been a better base going forward, but the S/360 architecture didn't have
all of the facilities that would have been needed to port Multics.
By
[Default] On 3 Jun 2019 09:41:54 -0700, in bit.listserv.ibm-main
sme...@gmu.edu (Seymour J Metz) wrote:
>This whole thread has consistently confused several very different issues:
I agree and have questions in each of the areas.
>
> 1. How secure is z/OS itself?
I recall reading that Multics
I am thinking of taking the source to this and "upgrading" it in a few
ways: modify to use relative and immediate instructions; convert it to be
LE; add code to run it as a Unix command. Also, rename it to ZOSCPCMD.
Or am I just wasting my time?
No, I mean that SDSF would have to accept a parameter for the associative array
and have some way to update it. Only after IBM implements can can they provide
for calling SDSF from COBOL. The hard part is updating SDSF.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
> Would the XML parser create and read the necessary structure?
No. You need control blocks in storage and a way for SDSF to update them when
you invoke it. REXX provides such an interface when you invoke SDSF through its
REXX interface, but to do the same from outside REXX you'd need to
It's conceivable, but I doubt it. As best I can tell it's just a question of
talking a cross purposes, not deliberate obfuscation.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Bill Johnson
> I know of no documented interface, not even including EXECOM,
>to extract a complete description of the data represented by a Rexx compound
>symbol.
What's wrong with IRXEXCOM and IKJCT441?
OTOH, there is no documented interface for a REXX variable pool not created by
REXX.
--
Shmuel
This whole thread has consistently confused several very different issues:
1. How secure is z/OS itself?
2. How secure is 3rd party software?
3. How secure is the typical shop running z/OS?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
[Default] On 2 Jun 2019 19:11:41 -0700, in bit.listserv.ibm-main
0047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:
>Hes selling plain and simple. So is Mugzak. Some laboratory bs that he will
>even show you in application code. Then no doubt analyze your application code
Unfortunately, the HMC System Monitor App is confusing in that the list of
monitors contains items available only when the system is running in Dynamic
Partition Mode (DPM) as well as in the non-DPM mode and the helps do not
explain this.
I am assuming that none of your systems are running
Skip,
I remember this being a pain to setup and test initially. But we did finally
get it to work.
Directions below are basic and you're already past some of these steps, but I'm
including them if others want to follow along.
Using an ID with SYSPROG permissions:
Single Click on "HMC
The only one selling here is you. You are selling BS and we are not buying it.
Remember, according to you, we known it all. So why do you continue?
I'll take Ray's intentions over yours *every single time*. He has earned it
from this industry many times over. Just because he has had security
Anthony,
Thanks for the JCL and the REXX. It works like a charm. Much obliged.
On Monday, June 3, 2019, 2:01:51 a.m. UTC, Anthony Thompson
wrote:
Provided you have the appropriate authorities...
Batch job:
//jobcard
//SDSFCMD EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSPROC
25 matches
Mail list logo
