On 1/13/2018 3:24 PM, Fred Cisin via cctalk wrote:
(I'm unaware of any punch-card attacks, but trojans were possible when
people used prior subroutines)
When I was using cards with our campus 360/50 MVT system and you could
submit probably anything, a friend in EE (we were squatters in the CS
area) had worked a summer job and had a really nice program they'd ran
which now days would be called a text based football game.
All one had to do was stick a job card in front of a deck, and we
submitted our own jobs via a 2501 which was in the hall outside the
computer room. Users loaded and fed their own cards, so there was no
restriction on when the job ran.
He decided to get a listing and figured if he stuck a job card in front
if it and a couple of DD statements the job would blow up and he'd get a
listing.
All of the I/O was with WTO and WTOR. The operator that afternoon
quickly discovered that WTOs were not disabled by the sysgen, and worse,
there was only the single 1050 console, so the only way to get thru the
job and get other things running was to play a game.
And even worse, if he took too long, a fun feature of MVT and not
corrected in MVS was if a console channel went unavailable for too long,
the system would crash. Luckily the game would print out a line, and a
blob of console messages would come out then ask for another move.
Took 10 minutes to lose a game.
The system administrators regenerated the system to add privilege and
authorization to jobs using WTOR which they'd missed.
We found other fun holes like that in MVT.
When we were put over to a VS/1 system via TSO terminals, a console
message monitor, and a password snarfing program was developed and ran
quite a lot via remote access (system and terminals were in different
cities).
That was all OS of course, and some of it was something that could be
disabled by sysgen options. The password snarfing was not.
thanks
Jim
