Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

I have to disagree, over the last 3 years only 5 sites were government related, and 2 were universities. Brian -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

the mainframe Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Brian Westerman Sent: Monday, July 17, 2017 7:39 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again I sort

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

On Mon, Jul 17, 2017 at 9:39 PM, Brian Westerman < brian_wester...@syzygyinc.com> wrote: > I sort of "specialize" in upgrading sites that have put off an upgrade to > a more current OS for (quite) a while and I can tell you from experience > with over 100 of these sites that there are LOTs of

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

I sort of "specialize" in upgrading sites that have put off an upgrade to a more current OS for (quite) a while and I can tell you from experience with over 100 of these sites that there are LOTs of reasons for them being at that old release, and all (well, the vast majority any way) of them

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

Scott Ford wrote: >But from a application point of view, if the application is using AT/TLS >and there are Pagent protection policies for PORTS/IP addresses and the >application is using encryption, where's the risk ??? There's plenty of risk when running an unsupported, unpatched release. Even

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

d not completing it so as to tie up resources > and make real connections impossible. > > https://en.wikipedia.org/wiki/Denial-of-service_attack re: http://www.garlic.com/~lynn/2017g.html#74 Running unsupported is dangerous was Re: AW: Re: LE strikes again http://www.garlic.com/~lynn/20

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again As a vendor i have been receiving questions about DoS attacks on z/OS .. I understand the idea / concept of perimeter defense , i was a Network Engineer in a pass life. But from a application poi

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

idfli...@gmail.com (scott Ford) writes: > As a vendor i have been receiving questions about DoS attacks on z/OS .. > I understand the idea / concept of perimeter defense , i was a Network > Engineer in a pass life. > But from a application point of view, if the application is using AT/TLS > and

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

urity can interdict that. > > https://en.wikipedia.org/wiki/Minox#Technical_details_of_ > Minox_8.C3.9711_cameras > > re: > http://www.garlic.com/~lynn/2017g.html#74 Running unsupported is > dangerous was Re: AW: Re: LE strikes again > > also in the wake of the company's &q

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

ported is dangerous was Re: AW: Re: LE strikes again also in the wake of the company's "pentagon papers" type event, they retrofitted all company copier machines with serial number identifier on the underside of the glass, that would show up on all pages copied. example from this copi

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

On Wed, 12 Jul 2017 18:58:44 -0700, Anne & Lynn Wheeler wrote: > >... all FS documents were softcopy and could only be read >from specially connected 3270 terminals (no file copy, printing, etc, >before ibm/pc and things like screen scraping). some FS refs

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

charl...@mcn.org (Charles Mills) writes: > Frankly, in the beginnings of computing, including in DOS and OS/360, > there was often an assumption that all users -- at least all "real" > (TSO and development, as opposed to CICS or application) users -- were > trusted. There was a lot of your gun,

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

artin Sent: Wednesday, July 12, 2017 4:32 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again I think it was a philosophical blunder early in OS, to presume that a caller could always be relied on to validate arguments, so called progra

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

On Wed, 12 Jul 2017 18:38:39 -0400, Tony Harminc wrote: >On 12 July 2017 at 12:21, Charles Mills wrote: > >> It's not the malware you know about that should worry you the most. The >> phrase "zero day exploit" comes to mind. > >With something as old as z/OS 1.4 it's not even just zero-days. There

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

On 12 July 2017 at 12:21, Charles Mills wrote: > It's not the malware you know about that should worry you the most. The > phrase "zero day exploit" comes to mind. With something as old as z/OS 1.4 it's not even just zero-days. There are several well known gaping holes in z/OS

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

x on z + WINE = bad idea) From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Itschak Mugzach <imugz...@gmail.com> Sent: Wednesday, July 12, 2017 13:36 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

he malware you know about that should worry you the most. The > phrase "zero day exploit" comes to mind. > > Charles > > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of R.S. > Sent: Wednesday, Ju

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

. Sent: Wednesday, July 12, 2017 8:30 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again W dniu 2017-07-12 o 15:53, Charles Mills pisze: >> I know some malware for Win10, but I cannot remind any for z/OS 1.4... > Partially because

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

W dniu 2017-07-12 o 15:53, Charles Mills pisze: I know some malware for Win10, but I cannot remind any for z/OS 1.4... Partially because most of the community has a policy of publicizing vulnerabilities, but z/OS does not. The fact that you do not know of any malware for z/OS 1.whatever does

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

One would assume that the older z/OS system is important to the installation. That the data on the system is important, who can review and update the data is important, as well as the system's availability. Key Resources, Inc has direct knowledge of vulnerabilities on older, non-supported

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

o: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again W dniu 2017-07-12 o 08:40, Timothy Sipples pisze: > Clark Morris wrote: >> Running 1.4 on any system that isn't isolated is the equivalent of >> running Windows XP. > I think

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

W dniu 2017-07-12 o 08:40, Timothy Sipples pisze: Clark Morris wrote: Running 1.4 on any system that isn't isolated is the equivalent of running Windows XP. I think Charles Mills provided some interesting, useful follow-up remarks. I wholeheartedly agree that sole reliance on "perimeter"

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

Clark Morris wrote: >Running 1.4 on any system that isn't isolated is the equivalent >of running Windows XP. I think Charles Mills provided some interesting, useful follow-up remarks. I wholeheartedly agree that sole reliance on "perimeter" defense no longer makes sense, if it ever did. Risk

AW: Re: LE strikes again

>>SLIP SET,C=0C1,J=jobname,ML=1,END >> >>Then have them load the dump into IPCS, select option 2.2 and send you the >>results. > > >I don't think you can SLIP trap an 001 program check as long as LE is running >with TRAP(ON,SPIE). LE's ESPIE exit will gain control before SLIP; and LE will

Re: Running unsupported is dangerous was Re: AW: Re: LE strikes again

-- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Clark Morris Sent: Tuesday, July 11, 2017 6:18 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Running unsupported is dangerous was Re: AW: Re: LE strikes again [Default] On 10 Jul 2017 21:58:28 -0700, in bit.listserv.ibm

Running unsupported is dangerous was Re: AW: Re: LE strikes again

[Default] On 10 Jul 2017 21:58:28 -0700, in bit.listserv.ibm-main p...@gmx.ch (Peter Hunkeler) wrote: You can also use a JCL statement to override (if available) LE Parms. https://www.ibm.com/support/knowledgecenter/SSLTBW_1.13.0/com.ibm.zos.r13.ceea500/ceedd.htm >>> >>>

AW: Re: LE strikes again

>I never knew that! I will ask the customer to update the JCL to use the PARM >field. ... and ask them to add a //SYSABEND DD SYSOUT=h DD-Statemebt, where "h" is a HOLD class, so that you can have a look or get information from the dump. -- Peter Hunkeler

AW: Re: LE strikes again

>SLIP SET,C=0C1,J=jobname,ML=1,END > >Then have them load the dump into IPCS, select option 2.2 and send you the >results. I don't think you can SLIP trap an 001 program check as long as LE is running with TRAP(ON,SPIE). LE's ESPIE exit will gain control before SLIP; and LE will do error

AW: Re: LE strikes again

>>>You can also use a JCL statement to override (if available) LE Parms. >>> >>> https://www.ibm.com/support/knowledgecenter/SSLTBW_1.13.0/com.ibm.zos.r13.ceea500/ceedd.htm >> >> >>No, he can't because he's on z/OS 1.4. I already proposed CEEOPTS DD, and >>Norbert Friemel remembered me it's not

AW: Re: LE strikes again

>The CEEOPTS-DD-statement was new in z/OS 1.7 Ooops..., I forgot about this fact. Too long ago. Can you try the TRAP(OFF) via EXEC PARM? For C, I believe LE PARMs come before program options in the PARM and have to end with a slash / -- Peter Hunkeler