Seymour, this is a very interesting observation you made.
I'm now experiencing similar....
With a certain banking system we use, you logon, and then you
have to prove you are the person you say you are by providing
more information. While having 2 factor authentication.
With a certain cell provider, you have to login, then provide
your PIN, then tell them your IMEI ....
How many people have that information memorized?
At some point we make being secure, *insecure,* because we won't
talk to you because we can't be sure you are who you say you are,
even with 2 factor authentication, and your password.
Corporate paranoia.
Steve Thompson
On 2/13/2024 11:31 PM, Seymour J Metz wrote:
The problem is not auditors; it is incompetent auditors.
In the Army they taught us that preventing authorized access is a security
violation. An unthinking automatic timeout is a DOS attack when it prevents
running an annual job.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
________________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Farley,
Peter <[email protected]>
Sent: Monday, February 5, 2024 12:27 PM
To: [email protected]
Subject: Re: SDSF PS Command column
I am constantly amazed at how much this whole “zero trust” meme is violating
the concept of sharing everything among application developers. I for one have
no qualms about any other application programmer at my shop seeing any coding I
am doing (though I might be occasionally embarrassed by my own dumb mistakes).
It is not “innocent” to share access to application programming information and
styles and pitfalls, it is crucial to application programmer development and
advancement. We learn from each other, especially from sharing our mistakes as
well as our best practices and clever innovations.
Add to that stupid security rules like “if you didn’t access this resource for
the last 180 days we revoke your access to that resource”, which causes all
kinds of headaches when you have to suddenly deal with issues in a yearly
weekend production process and you don’t have read rights to the data files you
need to view to resolve the issue and the security team only works 9 to 5
weekdays and the on-call is out shopping somewhere.
Shakespeare was almost right – first get rid of all the auditors, the lawyers
are easy to deal with compared to them.
Peter
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of
Paul Gilmartin
Sent: Monday, February 5, 2024 11:02 AM
To: [email protected]
Subject: Re: SDSF PS Command column
On Mon, 5 Feb 2024 11:02:07 +0000, Rob Scott wrote:
...
As to "why don't you just fix it ?" style questions, we have to consider quite a few
compatibility issues across n-2 releases especially when the "fix" requires changes to
configuration and security ...
Such as users' embedding cryptographic keys in commands? Ugh!
UNIX arose in a more innocent age when no one worried much about such as:
ls -lt /u
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN