https://github.com/mainframed/NC110-OMVS
On Sat, Oct 9, 2021 at 8:14 AM Jerry Whitteridge <
jerry.whitteri...@albertsons.com> wrote:
> Is anyone aware of a version of Netcat that works with Unix Systems
> Services ? Was there something in the Tools and Toys page
>
> Jerry Whitteridge
>
Oops, yes it is in the code snippet.
On Sat, Oct 9, 2021 at 2:22 PM Wayne Bickerdike wrote:
> It's not obvious from the code snippet. I agree with Mike Schwab, qualify
> the name. The duplicate could be in a COPY statement.
>
> On Sat, Oct 9, 2021 at 11:24 AM Mike Schwab
> wrote:
>
>> > 01
It's not obvious from the code snippet. I agree with Mike Schwab, qualify
the name. The duplicate could be in a COPY statement.
On Sat, Oct 9, 2021 at 11:24 AM Mike Schwab wrote:
> > 01 RECORD-NAME.
> > 05 SUBSECTION-NAME.
>
> > MOVE SUBSECTION-NAME TO WS-SUBSECTION-NAME.
>
> >
That's a really bad idea! Just use "ssh-keygen" to create an SSH key.
You can use "ssh-copy-id" to copy your SSH key to the target system you
want to connect to.
On 9/10/2021 4:19 am, Billy Ashton wrote:
Hi all! I see we have been talking some about FTPS, so now I want to
spin the letters
On 8/10/2021 7:50 am, Tom Brennan wrote:
I'll repeat what I always say about this. If I was hacking a
mainframe I wouldn't start with the mainframe, I'd start with the
sysprog or security admin's PC or Mac or email or phone or whatever.
In that case it doesn't matter one bit how well the
Must be quite a set of parameters to bust 32K,
At 05:15 PM 10/8/2021, Paul Gilmartin wrote:
On Fri, 8 Oct 2021 16:19:56 -0500, Michael Oujesky wrote:
>If I recollect correctly, we had both the userid and password in an
>encrypted file that during the file transfer job was decrypted to a
>VIO
> 01 RECORD-NAME.
> 05 SUBSECTION-NAME.
> MOVE SUBSECTION-NAME TO WS-SUBSECTION-NAME.
> 25779 IGYPS0037-S "SUBSECTION-NAME" was not a uniquely defined name. The
> definition to be used could not be determined from the
> context. The reference to the name
This is an Enterprise COBOL V6.2 question. I am not sure if this is a compiler
issue or a programmer misunderstanding issue.
I have a COBOL subroutine which has multiple nested programs within it. The
general structure is as follows (it's actually far more complicated with COPY
members and
On Fri, 8 Oct 2021 16:19:56 -0500, Michael Oujesky wrote:
>If I recollect correctly, we had both the userid and password in an
>encrypted file that during the file transfer job was decrypted to a
>VIO dataset that was used as the input to the data transfer facility.
>
How did you keep the key to
Classification: Confidential
There are a number of hacks that obscure the password in SFTP batch.
The easiest and best method I have come across are public/private keypairs
The keypairs may be stored in your ESM, or in the Unix File System.
I heartily recommend CoZ:SFTP Toolkit
All I know is that the first MVS (or was it OS/390?) shop I worked with,
back in 1983, called them phases. After that shop, I was in VSE shops
until 10 years ago. Only upon returning to VSE did I first hear "load
module" and "objects". I just figured that when they moved to using
"Binder",
If I recollect correctly, we had both the userid and password in an
encrypted file that during the file transfer job was decrypted to a
VIO dataset that was used as the input to the data transfer facility.
What Line limit are you dealing with? 72 or larger?
At 03:19 PM 10/8/2021, Billy
z/OS has program objects and load modules. Within legacy load modules there
might be segments or overlays. But z/OS does not have phases.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List
Is anyone aware of a version of Netcat that works with Unix Systems Services ?
Was there something in the Tools and Toys page
Jerry Whitteridge
jerry.whitteri...@albertsons.com
Manager Mainframe Systems & HP Non-Stop
Albertsons Companies
Warning: All e-mail sent
It's easy to write a REXX function in assembler to return the output of a
DESERV in compound variables.
Isn't there a stage for listing directories?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List
On Fri, 8 Oct 2021 16:19:29 -0400, Billy Ashton wrote:
>
>Does anyone have a batch job/JCL that they use for SFTP that hides a
>user/password? I have looked for some hours at Google, and everything I
>see has the user and password in clear text. I am looking for something
>like the NETRC file, or
On 10/8/2021 12:07 PM, Carmen Vitullo wrote:
I should have reviewed the doc also, I see now what you are saying, and
if I was a betting man I'd think it was inadvertently documented in
IEARBUP
Apparently, it got renamed late in the development cycle and no one
updated the IEARBUP macro
Hi all! I see we have been talking some about FTPS, so now I want to
spin the letters around for SFTP with an easy question-I hope!
Does anyone have a batch job/JCL that they use for SFTP that hides a
user/password? I have looked for some hours at Google, and everything I
see has the user and
Yes, that's the one. I can read a number of languages, but Polish isn't among
them; I fed that article to Google Translate, and with a few bobbles it did a
fair job. I remember a reference in the translation to the "FTP hotel", which
I guessed means the FTP server, but for the most part the
Phase is equivalent of load module.
On Sat, Oct 9, 2021, 05:37 Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
> On Fri, 8 Oct 2021 11:30:44 -0400, Tony Thigpen wrote:
>
> >A phase in z/VSE is the same as a phase in z/OS, but the CSECT info is
> >not as complete as in
I should have reviewed the doc also, I see now what you are saying, and if
I was a betting man I'd think it was inadvertently documented in IEARBUP
Carmen
On 10/8/2021 2:00 PM, Carmen Vitullo wrote:
I found on my 2.4 target sysres
SYS1.MACLIB(IEARBUP), the text you referred to is in this macro
I found on my 2.4 target sysres
SYS1.MACLIB(IEARBUP), the text you referred to is in this macro
Carmen
On 10/8/2021 1:47 PM, Paul Schuster wrote:
Hi:
In the z/OS 2.4 MVS Programming: Authorized
Assembler Services Reference, Volume 2
(EDT-IXG) in the IEARBUP section, there is this sentence:
I'm sort of intrigued by the notion of 'magical SVC'. I know it's a figure
of speech, but I categorically disbelieve in magic. For the whipper
snappers among us, our beloved SDSF started out in the 1980s as an
IUP--installed user program. Written as I understand it by a couple of IBM
customer SEs.
Hi:
In the z/OS 2.4 MVS Programming: Authorized
Assembler Services Reference, Volume 2
(EDT-IXG) in the IEARBUP section, there is this sentence:
"Macro IEARBUPM provides equate symbols for the return and reason codes."
However, IEARBUPM doesn't seem to be in MACLIB or MODGEN.
So 1) was it
On Fri, 8 Oct 2021 11:30:44 -0400, Tony Thigpen wrote:
>A phase in z/VSE is the same as a phase in z/OS, but the CSECT info is
>not as complete as in z/OS.
>
What's a "phase in z/OS"?
I need a vocabulary lesson. or a citation to a manual.
-- gil
On Fri, 8 Oct 2021 14:42:57 +, Seymour J Metz wrote:
>DCB=(LRECL=256,BLKSIZE=256) works well. I've also used KEYLEN=8. However, is
>there any reason not to use DESERV for new code?
>
Rexx?
Pipelines?
-- gil
--
For
Yes, I remember this article. I also read that in Polish. :-)
And at the time whole police report was leaked. 200+ pages.
It was definitely impossible without intercepted password and many
configuration mistakes.
HTTP vulnerability was also there, but it was not the way to hack in.
>Hi,
>I was asked to attempt to link a object deck from VSE in z/OS.
>The program is a COBOL2 program, but the source has been lost.
I have been recommending The Source Recovery Company for 25 years!
https://www.source-recovery.com/
You can send them your executable (not the object deck) and
Yes, an ID they got hold of -- my impression was that it was the original ID --
had read access to the RACF database. They downloaded it, and posted questions
here and there about how RACF passwords are encrypted. Within a few days a new
version of John the Ripper appeared, reworked for RACF.
On 10/8/2021 8:18 AM, David Spiegel wrote:
From what I recall, the bad guys had "READ" to the RACF Database. (It
helps to have incompetent SecAdmin staff and auditors.)
These days, one would be beyond negligent to ignore the warnings issued
by the RACF_SENSITIVE_RESOURCES health check. (Was
A phase in z/VSE is the same as a phase in z/OS, but the CSECT info is
not as complete as in z/OS. While z/OS has the information for the
original different CSECTs used to build the phase, z/VSE only saves the
main CSECT identification information. Restated, all the subroutines
that may have
Exactly right.
Sent from Yahoo Mail for iPhone
On Friday, October 8, 2021, 8:54 AM, Bob Bridges wrote:
The way I read in the long Polish article about the Logica hack, when I
researched it back in 2013, is that there was speculation about USS and about
an HTTP flaw, but the forensics folks
Dude, you need to quit being a lemming afraid to challenge the know it alls. Oh
wait.
Sent from Yahoo Mail for iPhone
On Friday, October 8, 2021, 8:34 AM, zMan wrote:
And you were. In those exchanges, that makes one of you.
On Thu, Oct 7, 2021 at 9:00 PM Charles Mills wrote:
> Sincere
Hi Bob,
From what I recall, the bad guys had "READ" to the RACF Database. (It
helps to have incompetent SecAdmin staff and auditors.)
They downloaded it and then dictionary-attacked it easily, because there
was no password limitation and there was no trivial-password-exclusion list.
Also, NVAS
The way I read in the long Polish article about the Logica hack, when I
researched it back in 2013, is that there was speculation about USS and about
an HTTP flaw, but the forensics folks in the end thought they probably got hold
of a password in the good old-fashioned way and went from there.
Phases in the CIL used to be non-relocatable, so adcons would certainly have
been a problem in the old days. I don't know what the status is in z/VSE.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List
Still a mainframe, and the demonstration of MVS at SHARE was certainly MVS.
What was security like on TSS/360 and TSS/370?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
It's trivial for mounted file systems. However, as others have noted, the real
problem is testing migrated file systems.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Hi R'Shmuel; AMV"SH,
"... What about the Christmas Card Worm? ..."
That was AFAIK on a VM system, not an MVS system.
Regards,
David
On 2021-10-08 10:35, Seymour J Metz wrote:
Historically, there have been many poorly run shops. Prior to MVS, older
systems were wide open and even systems
DCB=(LRECL=256,BLKSIZE=256) works well. I've also used KEYLEN=8. However, is
there any reason not to use DESERV for new code?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on
The real problem he's going to have is ACONs. Usually they are referenced
around a partition, no?
Joe
On Fri, Oct 8, 2021 at 9:13 AM Seymour J Metz wrote:
> What do you consider to be the MVS equivalent of a phase, and what utility
> are you using to convert a load module to an object module?
IMO you were doing fine, Mr Mills. The only thing I might suggest is that you
let unearned obstreporosity drop off into the void unnoticed. In addition to
being more fun for lurkers who don't care to read such exchanges, surely that'd
be more frustrating to anyone hoping for a quarrel
Historically, there have been many poorly run shops. Prior to MVS, older
systems were wide open and even systems with storage protection were swiss
cheeses.
07F0
0A0C
Didn't somebody delete an unsecured system data set during IBM's MVS
demonstration at SHARE? What about the Christmas Card
And you were. In those exchanges, that makes one of you.
On Thu, Oct 7, 2021 at 9:00 PM Charles Mills wrote:
> Sincere apologies. I was trying to be constructive.
>
Bill, you need to put the crack pipe down.
--
For IBM-MAIN
My understanding is that most security breaches are either inside jobs or
involve social engineering. Procedural and technological measures are
absolutely necessary, but they are not enough.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
What do you consider to be the MVS equivalent of a phase, and what utility are
you using to convert a load module to an object module?
Certainly you can relink (rebind) and delete extraneous csects, but that's
somewhat of a manual process and still doesn't give you card images.
--
Shmuel
While I never worked with RLS, I found this issue to be an interesting one
to research since I performed
quite a bit of CICS LSR tuning 20 years ago.
From what I have found in the main z/OS manuals and Redbooks, the lock
structure needs to be enlarged.
Additionally, if the MAXSYSTEM parameter
PPTT, unless you consider training to be part of process. Training should
include periodic training on changes.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Filip
Thank you, Marna. I’ll send it now.
Rich Smrcina
> On Oct 8, 2021, at 8:54 AM, Marna WALLE wrote:
>
> Hi Rich,
> Please open a Case so we can see what is going on. If you like, please email
> me the Case number so I can see what it is.
>
> This is the statement that we had in the
Hi Rich,
Please open a Case so we can see what is going on. If you like, please email
me the Case number so I can see what it is.
This is the statement that we had in the Announcement, which indicates that
z/OSMF - at z/OS V2.5 GA on Sept 30, 2021 - should have z/OSMF starting on it.
"With
I've been at multiple shops that had magic SVCs. At one shop that had two, I
was allowed to remove one but not another. In one shop where I discovered an
error in the authentication code, I was ordered to not mention it to the
auditors. I naively expect such to die with the advent of APF, but
I would be interested in participating in a conf call or a private call
with developers
thank you
Carmen
On 10/8/2021 7:55 AM, Domenico D'Alterio wrote:
Hello List,
I see that the IBM announcement
Domenic,
Tell me more, please.
Mitch
Sent from the all new AOL app for iOS
On Friday, October 8, 2021, 8:05 AM, Domenico D'Alterio
wrote:
Hello List,
I see that the IBM announcement
Hello List,
I see that the IBM announcement
https://www.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/649/ENUSA21-0533/index.html=en_locale=en
triggered a lot of questions.
I am the Senior Product Manager in IBM working on this new project, so it will
be a completely new offering
I'm not IBM expert, but...
1. This is bad or not followed procedure. BTW: I made it impossible in
my shop, since day 0. It was never ever possible to get new password on
production without procedure. The procedure was inconvenient, more time
consuming compared to call, but it wasn't bypassed.
On 08.10.2021 at 01:26, Charles Mills wrote:
[...]
It is not an anti-mainframe position to advocate for mainframe security. "Oh, we
have nothing to worry about" is surely the enemy of security.
Charles
Amen to that!
--
Radoslaw Skorupka
Lodz, Poland
There is big difference between stolen money from tent on the camping
and stolen money from bank safe, which was not closed because someone
did not do his duty.
The safe can be locked, but the tent cannot be effectively secured.
--
Radoslaw Skorupka
Lodz, Poland
On 08.10.2021 at 01:18,
First part of my answer was kind of joke. Wasn't it clear?
Second part provided some means, products and opinions.
Regarding magic SVCs - I have *never* found any. Yes, I met and fixed
some other mistakes you mentioned.
And yes, such point should be on auditor checklist.
And yes, people tend
I’ve not seen the first one, but the second one is a joke.
ITschak
On Fri, Oct 8, 2021 at 5:17, Nash, Jonathan S. <
01abdcef2f3c-dmarc-requ...@listserv.ua.edu> wrote:
>
> Philip Young
> “Soldier of Fortran”
> Mainframe hacker videos from 6 years ago :-(
>
> https://youtu.be/Xfl4spvM5DI