All,

What type of applications are they referring to, up in the article? CICS or DB2 or ?

Scott

On Sat, Mar 18, 2017 at 4:57 PM Charles Mills <[email protected]> wrote:

> Sad but true.
>
> Charles
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bill Woodger
> Sent: Saturday, March 18, 2017 8:54 AM
> To: [email protected]
> Subject: Re: ComputerWorld Says: Cobol plays major role in U.S. government breaches
>
> My gosh, ho-hum, what a bag of nonsense passing itself off as a contribution to research.
>
> And then there's the journalism.
>
> Tom Marchant phrased it eloque... well, bluntly. The researchers who wrote the paper, dated March 7, 2017, used a media article to come up with "It's COBOL wot dun it" for OPM, whereas the report "The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation" by the Committee on Oversight and Government Reform, published September 7, 2016, doesn't even mention COBOL. Journalists (I'm assuming there are more articles, it's "easy" journalism) quote the report, quoting them. Self-referential, self-defining. Just meaningless.
>
> The report on the OPM breach doesn't even go as far as to say that access was gained to a Mainframe (in terms of a hack). What is clear is that the hackers (at least two) spent years, yes, years, wandering about various Windows servers belonging to OPM. They exfiltrated (my word of the day) documents relating to the Mainframe system. Mmm.... PowerPoint, Visio, XLSX, etc... Enough on OPM.
>
> Now, Research is closely related to Brain Science and Rocket Surgery. If you can do it, you're really cool, and will be recognised above the mundane who only have to deal with known facts.
>
> However, Bad Research is related to what? Bad Journalism? Great.
>
> Take "security by antiquity". Anyone ever heard of that? I put that into a search box along with the word computer and got 438 results. I put "security by obscurity", a term that I've heard of, and which includes being unaware of the enormous amount of documentation IBM provides publicly, and computer into the same search box and got 38,000 hits (38,417.83 in Research Terms).
>
> So, build a Straw Man, then set fire to him, to general applause.
>
> Take "legacy system". If you are writing for someone else, and you use jargon, or terminology, or concepts which are not clearly defined and accepted, then you define, exactly, how you use those terms. Because otherwise the use is meaningless.
>
> Obviously "legacy" means Mainframe/COBOL. Except they talk of migrating "legacy" to the Cloud. So obviously they don't mean Mainframe/COBOL. Or, perhaps more accurately, they have a version of Lewis Carroll's Humpty Dumpty: "any word or phrase means exactly what I mean it to mean at that moment, even if contradicted shortly thereafter, and contradicted further several times later".
>
> In Bad Research, look for figures with pin-point accuracy: "increased by 1,121 percent". Increased by what? What does that final one percent mean? Or even the final 20%?
>
> Let me define "information about computers ages very quickly" to mean "in situations where the fundamentals of what you are talking about change very rapidly, discussion that is five years old may be useless". Let me be generous and extend that to 10 years, else the main publication they refer to, from 2009, is outside the range. Let's say every computer-related paper they reference which is older than 10 years would have to be seriously questioned for its use in this context. Whoops. That puts a lot of stuff under question.
>
> Surely "criminal behaviour" doesn't change so fast? Oooh. Economic criminal behaviour. Relating to hacking. How much does it cost these days to get a domain, a laptop and some hard disks/sticks? So that has changed, as rapidly.
>
> Oooh. Another problem. The whole OPM thing is supposed to be done by either "hacking groups" who just don't like government/business and material consequences are perhaps an aside, or "hacking groups" specifically backed by a certain foreign government. Neither of these fits into ordinary "criminal" analysis, and no case is made in the research for why anything should fit into the criminal analysis. So scratch all that junk.
>
> Table 4. I can't make head or tail of it, but at least Table 2 defines incidents. Of the eight categories, four are nothing to do with "cyber criminals": Improper Usage; Unauthorized Equipment; Policy Violation; Non-Cyber Incidents. Taking out all those does what for 1,121 percent?
>
> If the paper were coherent and internally consistent, I'd go on. But it isn't, so I won't.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN

--
Scott Ford
IDMWORKS
z/OS Development
