I'm sort of intrigued by the notion of 'magical SVC'. I know it's a figure of speech, but I categorically disbelieve in magic. For the whippersnappers among us, our beloved SDSF started out in the 1980s as an IUP--installed user program. Written, as I understand it, by a couple of IBM customer SEs. It was called Interactive Spool Facility; hence the ubiquity of the ISF prefix throughout the product.
'SDSF' was marketed by IBM and eventually--after strong customer demand--elevated to a Class 1 product with full Support Center involvement.

From the beginning, even as an IUP, SDSF needed to run APF authorized. That was accomplished by a 'magical SVC'. Customers were uncomfortable with that solution for the same reasons discussed in this thread. The solution attempted was to make some elaborate checks in the SVC to verify that it was in fact being issued by the IBM product. At some point the whole SVC strategy was abandoned. Modern SDSF no longer requires any magic SVC. I have not heard of any customer concern over the current implementation.

On Fri, Oct 8, 2021 at 11:15 AM Radoslaw Skorupka <[email protected]> wrote:

> Yes, I remember this article. I also read that in Polish. :-)
> And at the time whole police report was leaked. 200+ pages.
> It was definitely impossible without intercepted password and many
> configuration mistakes.
> HTTP vulnerability was also there, but it was not the way to hack in.
>
> https://zaufanatrzeciastrona.pl/historia-pewnego-wlamania/ (still in
> Polish, inside links to several articles)
>
> --
> Radoslaw Skorupka
> Lodz, Poland
>
> On 08.10.2021 at 16:54, Bob Bridges wrote:
> > The way I read in the long Polish article about the Logica hack, when I
> > researched it back in 2013, is that there was speculation about USS and
> > about an HTTP flaw, but the forensics folks in the end thought they
> > probably got hold of a password in the good old-fashioned way and went from
> > there. They did indeed find and exploit USS configuration goofs. And the
> > HTTP flaw is real (https://nvd.nist.gov/vuln/detail/CVE-2012-5955), but
> > Logica's post-hack report doesn't mention it; so they, at least, didn't
> > think it figured into the original break-in or in the culprits' activities
> > afterward.
> >
> > ---
> > Bob Bridges, [email protected], cell 336 382-7313
> >
> > /* I've never hated a man enough to give him his diamonds back.
> > -Zsa-Zsa Gabor */
> >
> > -----Original Message-----
> > From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Charles Mills
> > Sent: Thursday, October 7, 2021 18:49
> >
> > Assuming you don't count Logica. ("Oh, that wasn't a real mainframe
> > hack, they came in through USS.")
> >
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bill Johnson
> > Sent: Thursday, October 7, 2021 3:21 PM
> >
> > You’d have to be a poorly run shop to permit any of those to occur.
> > Maybe that’s why mainframe hacks have actually never happened....

--
Skip Robinson
323-715-0595
