Re: mainframe hacking "success stories"?

from Yahoo Mail for iPhone > > > On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls > wrote: > > Which is how 80% of all the hacks today start. Find purchase and advance > your position. This is how the game is played. It was as classic of a hack as > anything today. > >>

Re: mainframe hacking "success stories"?

Which is how 80% of all the hacks today start. Find purchase and advance your position. This is how the game is played. It was as classic of a hack as anything today. > On May 6, 2019, at 21:43, Bill Johnson > <0047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > > Still never would

Re: mainframe hacking "success stories"?

Charles is correct. He found vulnerabilities in DFS I believe. Used that for privesc. > On May 6, 2019, at 21:17, Charles Mills wrote: > > No. > > From the link you cite: > > "According to various sources, the hackers succeeded in finding (and > exploiting) at least 2 previously unknown

Re: ZPDT usb issue after lunux update.

An update on this for those using CentOS or RHEL. Got it working just fine tonight. The problem exists in the update of glibc to 157.el7_3.1 The last version that I can make work (of glibc) is 106.el7_2.6 The 106 version of glibc is in the 1511 minor release of CentOS 7.2.

Re: ZPDT usb issue after lunux update.

The issue is with the USB licensing / sw protection system (sentinel by gemalto) and it’s interaction with either a kernel code/module, or library update (like a libc etc) For CentOS anyway, I’ve almost got it narrowed down to the exact update (presume it’ll be the same for RedHat etc). When

Re: Interested in portable mainframes?

> "Drink waters out of thine own cistern, and running waters out of thine own > well." -Proverbs 5:15 This stuff just got biblical.It’s about time. :) > -- > Jack J. Woehr # Science is more than a body of knowledge. It's a way of > www.well.com/~jax # thinking, a way of

Interested in portable mainframes?

See this webinar about RD "DRINKING OUR OWN CHAMPAGNE, WITH Z SYSTEMS DEVELOPMENT AND TEST ENVIRONMENT V10 (2)” Start Date:1/24/2017 Start Time:12:00 PM CST Duration:60 minutes https://vts.inxpo.com/scripts/Server.nxp?LASCmd=AI:4;F:QS!10100=36587

Re: TSO Setup on SSH

Have you tried running the daemon in foreground/debug mode to see what it's trying to do and failing on? You can run the client also with debug messages, if necessary. This solves 99% of my wonky ssh issues. sshd -dd -D -f /your-sshd-file Chad > On Dec 11, 2016, at 05:25, venkat kulkarni

Re: Why Can't You Buy z Mainframe Services from Amazon Cloud Services?

. Nope. Respectfully, Chad > On Dec 9, 2016, at 12:40 AM, Timothy Sipples <sipp...@sg.ibm.com> wrote: > > Bigendian Smalls wrote: >> TL;DR - there needs to be a free version of z/os & it’s siblings sooner > than >> later, to not do this is to potentially starv

What about that nextgen? [was Re: Why Can't You Buy z Mainframe Services from Amazon Cloud Services?]

Not to be contrarian, but - well - let me be contrarian. Rant coming. TL;DR - there needs to be a free version of z/os & it’s siblings sooner than later, to not do this is to potentially starve the platoform out of existence as we know it. I don’t think, for a moment, that when people ask

Re: [EXTERNAL] Re: z/OS Web Based Dropbox ?

If it were me, I’d start by Googling open source web file sharing or open source private cloud. I think the issue is starting with “Z” based xyz. Most / many technologies can / will run on z if they’re java / c / plain ol’ web type stuff - you might very well be able to port or even just

Re: Apache Virtual Server Setup

I am trying to setup a virtual server on zos 2.2 apache http server. My intent is to have anyone coming in on ip 12.1.1.12:80 to be directed to a welcome page html. But I keep getting the access error below. I have tried many, many different directive variations but no luck. Any examples or

Re: Mainframe systems programmer ID 'vaulting'

This is something I hadn’t heard much about, but a couple questions come to mind - for anyone who has thought about or implemented this: 1) If you have a pool of IDs, then are you losing granularity with which you might want to assign privelages? Meaning you now have to have IDs that have

Re: Sftp implementation

especially when FTP/S isn't configured. On Nov 18, 2016, at 06:07, David Crayford <dcrayf...@gmail.com<mailto:dcrayf...@gmail.com>> wrote: On 18/11/2016 7:52 PM, Bigendian Smalls wrote: Any Linux or unix or MacOS has sftp built in. I believe only binary transfers are possible with t

Re: Sftp implementation

Any Linux or unix or MacOS has sftp built in. I believe only binary transfers are possible with these, you'll have to character convert separately. But it'll be sufficient to test your implementation. > On Nov 18, 2016, at 05:10, David Crayford wrote: > > I've googled

Re: wget for omvs?

Rocket ported tools has curl. > On Oct 14, 2016, at 1:36 PM, Dyck, Lionel B. (TRA) wrote: > > Is there a OMVS version of WGET? > > Thanks > > -- > Lionel B. Dyck (TRA Contractor) > Mainframe Systems

Re: Why not an IBM personal use z/OS license? (Was "Installation Improvements (was ...")

You can run z/PDT on a Linux VM in a free or cheap hypervisor (Like vmware fusion or virtualbox) on a small Mac or PC giving it only 1 CP and ~3G ram if you're the only one on it. Don't need to pay for SUSE or CENTos (both are supported and free). It works pretty well in this config if all

Re: Why not an IBM personal use z/OS license? (Was "Installation Improvements (was ...")

Thoughts - Charles is right on. And: > How can IBM know that your hardware is working correctly and they aren't > having to diagnose your hardware system rather than just diagnosing their > software, if you get what I mean? The license would be 'as is' - no support. And it'd be easier to

EMC VMAX zero days found

Not necessarily IBM specific, but probably of interest to some. http://www.cio.com/article/3126816/dell-emc-patches-critical-flaws-in-vmax-enterprise-storage-systems.html http://arstechnica.com/security/2016/10/security-company-finds-five-zero-day-flaws-in-emc-management-console/

Re: IBM Knowledge Centre

While we are piling on, I agree - it’s pretty miserable (and still full of broken links).The only reasonable way to find anything these days is searching one at a time (which works fairly well) but I miss the tree-driven system, and generally revert to the PDFs now constantly. Chad > On

Re: z/OS OpenSSL, SelfSigned Certs, etc

t is MORE secure, or at least, that the security is 100% in your hands. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bigendian Smalls Sent: Wednesday, June 22, 2016 8:46 AM To: IBM-MAIN@LISTSERV.UA.EDU<mailto:IBM-MAIN@lis

Re: z/OS OpenSSL, SelfSigned Certs, etc

Well said Charles!Slightly OT - It’s also worth noting that while the powers of the internet have seen fit to bless the likes of Verisign and GoDaddy as “trusted” they’ve also blessed quite a few others with more dubious roots. The latest revision of Firefox, for example, has 168 unique

Re: Mirror/back up your Development DASD

In general .. Mirroring is a recovery technology for infrastructure - should you lose hardware / geographic incident, etc. - If you have any data corruption (intentional or otherwise) - Mirroring just makes it worse.. If you’re serious about having a development environment (Most shops are

Re: IBM secure z/OS software delivery: Don't get locked out!

> However, you will be able to use HTTPS. Kurt - that hasn’t been my experience on z/OS 2.1. Without Sec Lvl 3 (JCPT411) the test SMP/E download job fails - captures show that it cannot negotiate a common cipher suite with the server - and fails right after the Client Hello - as I’d expect

Re: Passable April Fool's joke

My favorite, along this line, was taking a screenshot of the users desktop and replacing their wallpaper with this, then hiding the desktop icons. The gift that keeps giving. Chad. > On Apr 1, 2016, at 11:10 AM, Pommier, Rex wrote: > > Hmm, mine works on a

Re: OT but hopefully amusing - FBI, iPhone and water

That’s a satire piece, but I”m sure you knew that :) The NAND chip replacement avenue, as far as I’ve heard, is not the route they’re going with this - it’s a software exploit from all I have seen. Chad > On Mar 29, 2016, at 12:11 PM, Roach, Dennis wrote: > > Has

Re: Unix System Services question

Check out the zfsadm command for info on the volume. It's likely a mount point at /usr. https://www.ibm.com/support/knowledgecenter/#!/SSLTBW_2.1.0/com.ibm.zos.v2r1.ioea700/ioea7zcmd1008032.htm Chad > On Mar 21, 2016, at 4:41 PM, Scott Ford wrote: > > All, > > How do

Re: gist.github.com unreachable [was: RE: rexx and tso alllocate]

> > How much malware is there on github? The only malware I'm aware of is the > stuff security companies throw up for scrutiny. No idea. How much is too much if you get hit by, say some type of ransomware?

Re: Alleged mainframe breach to add to the list

It was an AS400 according to the full report Behind the scenes, KWC was a likely candidate for a data breach. Its internet- facing perimeter showed several high-risk vulnerabilities often seen being exploited in the wild. The OT end of the water district relied heavily on antiquated computer

Re: gist.github.com unreachable [was: RE: rexx and tso alllocate]

: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Bigendian Smalls > Sent: Friday, March 04, 2016 12:00 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: gist.github.com unreachable [was: RE: rexx and tso alllocate] > >> On Mar 4, 2016, at 10:46 A

Re: gist.github.com unreachable [was: RE: rexx and tso alllocate]

On Mar 4, 2016, at 10:46 AM, Leonardo Vaz wrote: > > You could be right, it might just be unintentional blocking. > > I would certainly prefer this version vs intentional blocking since the later > is pretty much security by obscurity (as long as you don't know the code you

Re: gist.github.com unreachable [was: RE: rexx and tso alllocate]

> 192 prefixed IP addresses are class C addresses > https://en.wikipedia.org/wiki/Classful_network. That's a deprecated term. Since this introduction of cidr addresses there really aren't classes of addresses anymore. The only special 192.x.x.x addresses are the private space as has been

Re: gist.github.com unreachable [was: RE: rexx and tso alllocate]

192.168.0.0/16 is the private address space. This IP is outside that. Were I a betting man, I'd say many employers block some or all GitHub as a security risk because of he possibility of people downloading malicious code. > On Mar 4, 2016, at 9:50 AM, Farley, Peter x23353 >

Re: Introducing Open Blockchain for IBM z Systems

Fantastic thank you. > On Feb 25, 2016, at 3:36 AM, Timothy Sipples wrote: > > Yes, take a look here for source code (with more to come, including as I > understand it more details on building on z): > > https://github.com/IBM-Blockchain >

Re: Introducing Open Blockchain for IBM z Systems

Hey Timothy - I’ve read quite a bit on blockchain - and agree it could be very game changing for certain types of applications. It was stated elsewhere that IBM’s implementation (along with their corporate and Linux partners) would be open source. Is it available yet? Cheers Chad > On

Re: On sort options orignally: zfs question root growth

> It seems, but it concerns me that one can't rely on the width in the format > specification for visual column alignment of tabular data. "C", but not awk, > may have additional format modifiers to make this work. Probably even > worse for DBCS with shift-in/shift-out sequences. > >>> On Feb

Re: On sort options orignally: zfs question root growth

Which part of that concerns you? Seems like expected awk & printf behavior no? > On Feb 20, 2016, at 7:37 PM, Paul Gilmartin > <000433f07816-dmarc-requ...@listserv.ua.edu> wrote: > >> On Sun, 21 Feb 2016 00:21:08 +, Bigendian Smalls wrote: >> &g

Re: On sort options orignally: zfs question root growth

Agreed 100% > On Feb 20, 2016, at 6:13 PM, Paul Gilmartin > <000433f07816-dmarc-requ...@listserv.ua.edu> wrote: > >> On Sat, 20 Feb 2016 00:41:22 +0000, Bigendian Smalls wrote: >> >> The answer may be in compiling it to be Unicode based. Gonna look into i

Re: On sort options orignally: zfs question root growth

To really make it go you need the whole autotools suite. Make autoconf automake m4 configure etc. Have had some luck getting most of those going. The usual stumbling blocks are code page as per usual. > On Feb 20, 2016, at 10:42 AM, Paul Gilmartin >

Re: ASCII vs. EBCDIC (was Re: On sort options ...)

Is there a defined klingon code page? > On Feb 20, 2016, at 11:07 AM, Charles Mills wrote: > > Going just from memory here -- too lazy or too inconsequential to look it up. > > 1. Yes, the bit has gone away. > 2. It never did much. After all, CLC or MVC does not care if the

Re: On sort options orignally: zfs question root growth

The answer may be in compiling it to be Unicode based. Gonna look into it with the extra 'round tuits. > On Feb 19, 2016, at 6:28 PM, Farley, Peter x23353 > wrote: > > AFAIK that version is strictly EBCDIC, intended to be run using JCL in batch > jobs

Re: On sort options orignally: zfs question root growth

Yes well there in lies the rub. I've been working on compiling gcc on and off for a while. Eventually I'll get it and share :) > On Feb 19, 2016, at 1:35 PM, Vince Coen <vbc...@gmail.com> wrote: > > Not on a m/f but loads of other kit. > > On 19/02/16 18:24, B

Re: On sort options orignally: zfs question root growth

ilmartin wrote: >> On 2016-02-19, at 10:14, Bigendian Smalls wrote: >>> I always feel like i have to backtrack skills learned over decades of other >>> ‘nix’s when using OMVS .. would be nice to have a modern complement of >>> tools and switches. >>> >&

Re: On sort options orignally: zfs question root growth

complement of tools and switches. Chad > On Feb 19, 2016, at 10:48 AM, Paul Gilmartin > <000433f07816-dmarc-requ...@listserv.ua.edu> wrote: > > On 2016-02-19, at 09:26, Bigendian Smalls wrote: >> >> I’m a big proponent of using the switches to be sure and

On sort options orignally: zfs question root growth

9:35 AM, Paul Gilmartin > <000433f07816-dmarc-requ...@listserv.ua.edu> wrote: > > On 2016-02-19, at 07:48, Bigendian Smalls wrote: > >> Tim have you tried this from a shell at the root of your ZFS partition (or >> just root / ) >> >> du -sk | sort

Re: zfs question root growth

> But beware; it may be resource-intensive. Alternatively you could du -sk * > file.txt then cat file.txt|sort Saving the trouble of doing it in memory. Though I suspect calculating the sizes of the folders is much much more intensive than sorting a relatively brief set of text. > Does UNIX

Re: zfs question root growth

Couple other commands handy to manage ZFS / other mountpoint sizes zfsadm aggrinfo ex: ... ZFS.DIR.U2 (R/W COMP): 1314251 K free out of total 2728080 df -kP ex: Filesystem 1024-blocksUsed Available Capacity Mounted on ... ZFS.DIR.U2 2728080 14138291314251

Re: zfs question root growth

Tim have you tried this from a shell at the root of your ZFS partition (or just root / ) du -sk | sort *that’s a pipe sign, not an I or an l :) drop the | sort if you just want to see the folder sizes in alphabetical order That should give you all the directories sizes in kilobytes sorted

Re: IBM z13s article.

Two factor auth in the OS is a big (and long overdue) deal. Has anyone heard of this in a general flavor of z/os or know what version / add-on might contain such a thing for the rest of us? > On Feb 16, 2016, at 9:10 AM, Dana Mitchell wrote: > > I found support for SSL

Re: So Long, and Thanks For All The Fish

That is a devastating loss. And sounds like bizarre circumstances-yet to get all the details. > On Dec 31, 2015, at 09:00, Andre Massena wrote: > > An this as well - > http://www.theregister.co.uk/2015/12/30/ian_murdock_debian_founder/ > > > > > Message

Re: So Long, and Thanks For All The Fish

Apologies to Shane I hadn't read beyond the first reply. Best sir. > On Dec 31, 2015, at 09:58, Bigendian Smalls <mainfr...@bigendiansmalls.com> > wrote: > > That is a devastating loss. And sounds like bizarre circumstances-yet to get > all the details. > >

Re: Any Git compliant Client for OMVS

Working on a git compilation - but it isn’t ready for prime time yet. I’ll let you know when it is. I haven’t seen any commercial or non-commercial version that work out of the box. I’m compiling from source. Slowly. Very Slowly. > On Dec 18, 2015, at 1:46 AM, Munif Sadek

Re: TAR Files:" Extracting" on a IBM Mainframe

check on pax command. think there's some overlap there. > On Dec 16, 2015, at 18:54, Pinnacle wrote: > >> On 12/16/2015 7:41 PM, Leonard Sasso wrote: >> Hello ! >> Anyone know of a product (besides Data21's ZIP/390 Product), that can >> "extract" a file(s) from a TAR

Re: Advanced Assembler Language and MVS Interfaces

Hey Bob - perfect! Any chance you’d be willing to take Paypal or Wells Fargo’s sure pay? Both just require an email address (being an employee of the latter I can vouch for it’s integrity). If not, no sweat - just gotta find a check, envelope, stamp, :) Perils of the 21st century.

Re: Accessing RESTful services from a z/OS batch job

Depending on the volume, python's usage of the REST APIs I've used (like Aws works great). I'm sure it'd be not to hard to do in REXX also from the few client HTTP code snippets I've seen in Google. But the python one works great - using Rocket's ported tools. fwiw. Chad > On Nov 23,

Re: Accessing RESTful services from a z/OS batch job

. >> On Nov 23, 2015, at 19:30, David Crayford <dcrayf...@gmail.com> wrote: >> >> On 24/11/2015 9:12 AM, Bigendian Smalls wrote: >> Depending on the volume, python's usage of the REST APIs I've used (like Aws >> works great). I'm sure it'd be not to hard to do

Re: Strange HMC issue

It occurs to me Tony, there could be a multitude things here. But one involves routes and routing tables. Presuming the two networks on your multi-homed HMC don't overlap (different subnets) I'd wonder how your routes in that box are set up (default and otherwise). #3 concerns me a little

Re: Strange HMC issue

y for . At first we thought maybe the the laptops > in the z10, but the ping does not fail if we disconnect the cable going to > the z10 switch. > > I wish I could get into the real linux and doing some displays. > > Tony Thigpen > > Bigendian Smalls wrote on

Re: HMC certificate SHA-2

Hi Nathan - I believe the HMCs come default with a self-signed certificate (meaning not generated by a real Certificate Authority), rather the kind that anyone can just create on their own - getting the encryption benefits, but not the verification ones that come with certificates. I think

Re: Extended Addressability for non-SMS VSAM

Lizette is correct. You need an SMS DC to get the EA but you don't need SMS to manage the allocation. I do this with ZFS and other non ZFS all the time. Chad > On Nov 10, 2015, at 05:26, Lizette Koehler wrote: > > I think you need a dataclas the adds the ea/ef

Re: I just bought an IBM z890

I think you want gofundme. More for a personal goal vs product. > On Nov 7, 2015, at 18:24, Charles Mills wrote: > > Does anyone have any experience with setting up an account on KickStarter? > > You need a budget or goal on KickStarter. What would a reasonable budget be

Re: I just bought an IBM z890

Outstanding … very cool > On Nov 6, 2015, at 3:05 PM, Connor Krukosky wrote: > > Mine is a model 320. > I wouldn't mind getting a larger system but the problem is if I can't just > trade say the PU Book and the SE's to do this then I would like to NOT have > to go

Re: Java and .jar files on OMVS

For binary you have to use sftp - uses the same back end as openssh. Very easy to configure - couple settings in the sshd_config file. For hashing I use ported tools OpenSSL. openssl md5 that works great. > On Nov 2, 2015, at 15:29, Paul Gilmartin >

Re: ICMP ping failure

hey Venkat - Pinging (even /bin/ping) requires root (if you look at it on a UNIX / linux machine it is almost always a SETUID binary, executing with root privelidges) privileges. The perl version is no different (same underlying reasons - opening a socket in raw mode is a high privilege

Re: ICMP ping failure

the other end is there. I would try this route - it’s the safest, doesn’t require privilege escalation and should work unless you have firewalls in the middle dropping those packets. Best, Chad On Oct 29, 2015, at 10:17 AM, Bigendian Smalls <mainfr...@bigendiansmalls.com<mailto:

Re: ICMP ping failure

type ping, but I suspect that might not have the same effect. TCP sockets do not require root permissions. On Oct 29, 2015, at 10:17 AM, Bigendian Smalls <mainfr...@bigendiansmalls.com<mailto:mainfr...@bigendiansmalls.com>> wrote: hey Venkat - Pinging (even /bin/ping) requires

Re: Big Blue lets Chinese government eyeball source code – report

Maybe a guilty conscience is the driver ? http://mobile.reuters.com/article/idUSKCN0SD0AT20151019 On Oct 18, 2015, at 23:13, Ed Gould > wrote: http://www.theregister.co.uk/2015/10/18/ibm_source_code_chinese_government/ Another take on

Re: (External):Re: IBM

It does beg the question of who is looking out, software vulnerability-wise, for those who don’t have enough clout to review source code. As Barry mentions, there is no such thing as perfect code. There is a lot of trust out there I think, and not enough skepticism / push back in this area.

Re: (External):Re: IBM

And - I don’t mean to imply at all that most companies are willfully abusing that fact, just simply that most software is a black box. > On Oct 17, 2015, at 11:08 AM, Clark Morris wrote: > > On Sat, 17 Oct 2015 06:16:47 -0700 (PDT), in bit.listserv.ibm-main you >

Re: IBM

Positively terrifying. I know large companies often get to review unthinkable source code, because of the risks this article states. But a foreign government, and China no less - seems risky. I’m sure it is done ‘eyes only’ and they don’t actually get to keep a copy. But still, stealing IP

Re: Having the mainframe on YouTube

Thanks Jack! - Chad > On Oct 15, 2015, at 2:49 PM, Jack J. Woehr wrote: > > Mark Post wrote: >> Related to this, Chad Rikansrud has written a blog post about APAR OA43999 >> and just how much that APAR improves RACF's encryption. >>