I thought this is a mainframe mailing list...

About ten years ago, during security consultancy work I performed at a
client shop, I noticed that CICS was not properly protected. I told the
sysprog and the CIO what changes needed to be made, but the sysprog insisted
that the system was secured. I got permission to teach him a lesson.
I noticed that the connection to a partner company was not secure, so I
called their sysprog and asked him to use the CRTE tran over this connection
and disable a specific transaction. The local sysprog started getting calls
from branch offices telling him that the function was not working. It took
him some time to find that the transaction was disabled and to enable it.
Immediately after, we asked the other sysprog to disable it again... we
did this for a few cycles until we told him that his system had been
penetrated from outside of the organization and that his system was not secure.

ITschak

ITschak Mugzach
| IronSphere Platform | Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I | z/VM coming soon

On Mon, Oct 11, 2021 at 5:23 PM Bob Bridges <robhbrid...@gmail.com> wrote:

> Managers have no sense of humour where it doesn't matter.  Well, some
> managers.
>
> I still remember fondly my messing with a coworker's PC menu.  I don't
> remember which menu system we were using at the time, but Roberto had found
> some little gag app that would display a blimp for a few seconds with your
> selected message scrolling across it.  So while he was out I fixed up his
> menu so that when he fired up Word, it would 1) display the blimp ("Roberto
> is a doofus!"), 2) erase the blimp call from the Word menu option so it
> would look normal, and 3) start Word.  The Harvard Graphics option would
> put the blimp back in his Word option.  So until he figured out the
> pattern, it would display the blimp at seemingly random intervals, but
> whenever he looked at the Word option under the covers there was nothing
> there.
>
> I was also charmed by a (different) coworker who modified his copy of PC
> DOS; instead of "Bad command or file name", it said "Say what, hippo
> fingers?".  I never bothered until just now to verify that those two
> messages are exactly the same length; I just assumed that his replacement
> was no longer than the official text.
>
> All very harmless.  I guess I'm just not a serious hacker.
>
> ---
> Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
>
> /* While mathematicians often do not have much humility, we all have lots
> of experience with humiliation.  -Dan Goldston, in his acceptance speech
> for the prestigious Cole Prize */
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf
> Of CM Poncelet
> Sent: Sunday, October 10, 2021 22:23
>
> This reminds me of someone at a Company I worked for, can't remember
> which, where some programmer had displayed a prompt for whatever to which
> an end-user replied "f*@k" - upon which the program then replied, "Your
> place or mine?" Needless to say, management was not amused by this and the
> programmer was given a "good talking to" if not then also put on "garden
> leave". <grin>
>
> --- On 10/10/2021 15:52, PINION, RICHARD W. wrote:
> > The only thing I ever put on a system, similar to that, was a TSO
> > program which produced a crude picture of the one finger salute.  You could
> > put whatever message you wanted on the hand.  Silly me, I had the program
> > executing at TSO logon.  Management was not amused.
> >
> > -----Original Message-----
> > From: Peter Sylvester
> > Sent: Sunday, October 10, 2021 9:36 AM
>
> > You could have "protected" the VM systems as much as you want, if a
> > "friend" sends you an exec/script/clist and you execute it. the was actually
> > created as small joke by a student at one of the EARN/BITNET nodes who did
> > not see that it could escape from the site.
> >
> > my old friend Helmut on the neighbour node detected "patient 0". It
> > rapidly entered vnet which was shutdown (to remove all copies afaik), earn
> > bitnet was saved by Eric Thomas by filtering in rscs. You had to execute
> > it, a global social attack/joke, not like the other real worm in sendmail
> >
> > --- On 08/10/2021 16:43, David Spiegel wrote:
> >> "... What about the Christmas Card Worm? ..."
> >>
> >> That was AFAIK on a VM system, not an MVS system.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
