Re: Malicious Software Protection

[McKown, John]

Just remember: "The only secure computer is the one which is powered down." And 
likely smashed up by a sledge hammer. 

John McKown 

Systems Engineer IV

IT

 

Administrative Services Group

 

HealthMarkets®

 

9151 Boulevard 26 . N. Richland Hills . TX 76010

(817) 255-3225 phone . 

john.mck...@healthmarkets.com . www.HealthMarkets.com

 

Confidentiality Notice: This e-mail message may contain confidential or 
proprietary information. If you are not the intended recipient, please contact 
the sender by reply e-mail and destroy all copies of the original message. 
HealthMarkets® is the brand name for products underwritten and issued by the 
insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance 
Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA 
Life and Health Insurance Company.SM

 

> -----Original Message-----
> From: IBM Mainframe Discussion List 
> [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of R.S.
> Sent: Wednesday, March 28, 2012 4:14 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Malicious Software Protection
> 
> The problem is we don't believe. :-)
> 
> 
> -- 
> Radoslaw Skorupka
> Lodz, Poland
> 
> 
> 
> W dniu 2012-03-28 22:45, Ray Overby pisze:
> > Yes, I believe I have a way to attack a mainframe system 
> where I don't
> > have access.
> >
> >
> > Ray Overby
> > Key Resources, Inc.
> > Ensuring System Integrity for z/SeriesT
> > www.zassure.com
> > (312)574-0007
> >
> >
> > On 3/28/2012 02:03 AM, Elardus Engelbrecht wrote:
> >> Ray Overby wrote:
> >>
> >>> I am a vendor so take my post with a grain of salt. For those that
> >>> don't like vendors to respond stop reading now...... (flame on)
> >> I will take your post seriously. I have reviewed you webpage. Very
> >> interesting.
> >>
> >> You confirmed what I suspected, especially after those 
> threads about
> >> [mis]use of SVC.
> >>
> >> One question if you don't mind please:
> >>
> >> Can you use or prove your point (elevating TSO, suppress SMF, etc)
> >> without being given access to a system in the first place? 
> The idea is
> >> that you could enter a system and elevate yourself and 
> place somewhere
> >> a signature to prove that you could 'white hack' the target system.
> >>
> >> Just a yes or no, please, because I realize that due to 
> the nature not
> >> too much info can be divulged.
> >>
> >>
> >>> The ESM products did not stop the TSO user from exploiting this
> >>> vulnerability.
> >> Very true. ESM is just a database.
> >>
> >> As said many times on RACF-L, it is the caller which call 
> ESM, the ESM
> >> decides on what is found in its own database and report back with
> >> RC=0/4/8 plus reason codes.
> >>
> >> It is up to the whatever caller to honour the RC from an ESM.
> >>
> >>
> >>> If you are not concerned that your users can crash your 
> z/OS system
> >>> at any time (maliciously or accidentally)
> >> As I have said, it is the INSIDER who are probably the 
> greatest threat.
> 
> 
> --
> Tre tej wiadomoci moe zawiera informacje prawnie 
> chronione Banku przeznaczone wycznie do uytku subowego 
> adresata. Odbiorc moe by jedynie jej adresat z wyczeniem 
> dostpu osób trzecich. Jeeli nie jeste adresatem niniejszej 
> wiadomoci lub pracownikiem upowanionym do jej przekazania 
> adresatowi, informujemy, e jej rozpowszechnianie, 
> kopiowanie, rozprowadzanie lub inne dziaanie o podobnym 
> charakterze jest prawnie zabronione i moe by karalne. 
> Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
> zawiadomi nadawc wysyajc odpowied oraz trwale usun t 
> wiadomo wczajc w to wszelkie jej kopie wydrukowane lub 
> zapisane na dysku.
> 
> This e-mail may contain legally privileged information of the 
> Bank and is intended solely for business use of the 
> addressee. This e-mail may only be received by the addressee 
> and may not be disclosed to any third parties. If you are not 
> the intended addressee of this e-mail or the employee 
> authorised to forward it to the addressee, be advised that 
> any dissemination, copying, distribution or any other similar 
> activity is legally prohibited and may be punishable. If you 
> received this e-mail by mistake please advise the sender 
> immediately by using the reply facility in your e-mail 
> software and delete permanently this e-mail including any 
> copies of it either printed or saved to hard drive. 
> 
> BRE Bank SA, 00-950 Warszawa, ul. Senatorska 18, tel. +48 
> (22) 829 00 00, fax +48 (22) 829 00 33, www.brebank.pl, 
> e-mail: i...@brebank.pl
> Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy 
> Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 
> 0000025237, NIP: 526-021-50-88. 
> Wedug stanu na dzie 01.01.2012 r. kapita zakadowy BRE 
> Banku SA (w caoci wpacony) wynosi 168.410.984 zotych.
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
> 
> 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN