FWIW, I was notified that my personal information was part of the OPM data breach. Only problem is I've never worked for, nor applied for a federal job. However, back in 2007 I did work for an outsourcer who had a federal account. Perhaps that is how my personal information got there.
I contacted OPM and requested to know how my personal information was on their system. The response was they could not find my personal information. I contacted my U.S. Representative, and asked him to contact OPM. Basically got the same reply. At that point I gave up. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of John Crossno Sent: Monday, March 20, 2017 9:12 AM To: [email protected] Subject: Re: ComputerWorld Says: Cobol plays major role in U.S. government breaches If one reads the article, then digs into the underlying research, and finally the Congressional report on the OPM incidents (all 250 pages of it), it's quite easy to see that the authors of the research and subsequent article are implying that legacy=mainframe/COBOL, while the real problem(s) really had nothing to do with either, at the end of the day. It had everything to do with "legacy" network security, not following best security practices, etc. Where the research talks about investments in modernization, they imply that the problem is "archaic" 30-year old COBOL systems, when that really isn't supported by the research at all (contradictions?). They really mean that when the distributed network security is modernized with security best practices, advanced intrusion and malware detection, use of MFA/PIV/etc, there's a reduction in the number of incidents. I wrote up a longer response to it, as comments to the FB and LinkedIn postings, that starts with the OPM report and works it's way back up to the article. Seemingly, Computerworld didn't like some of the original comments from their posting last week on LinkedIn, and felt the need to repost it yesterday. That's where my longer comments can be found, vs their original posting. Can't link directly to it or the FB posting.. You'll have to search for Computerworld's page, then scroll. At the end of the day, it really has nothing to do with COBOL "security" at all, but everything to do with network security. The article is just an example of taking at face value poor research, taking liberties with and cherry picking bits of a report and quotes from people who probably don't understand the technology to begin with, and just plain old fashioned bad journalism... Fake News! "Common sense is not so common." * Voltaire, Dictionnaire Philosophique (1764) On Mon, Mar 20, 2017 at 8:51 AM, Elardus Engelbrecht < [email protected]> wrote: > Todd Arnold wrote: > > >Gee, I've been developing crypto technology for 30+ years that runs > >in > those environments - so it's certainly news to me that it can't be > done :-) > > Amazing! ;-) > > No one said those cards are that *fast* ! > > > >Looking at the ICSF Application Programmer's Guide, which defines the > ways most z/OS applications get cryptographic services, I see this: > > > ICSF callable services can be called from application programs > > written > in a number of high-level languages as well as assembler. The > high-level languages are: > > - C > > - COBOL > > - FORTRAN > > - PL/I > > And REXX + Assembler too. Look in Redbook - 'System z Crypto and TKE > Update' (SG24-7848-00) for samples. > > Note from that bookie: The code supplied has not been subjected to any > formal IBM test .... > > Groete / Greetings > Elardus Engelbrecht > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN FIRST TENNESSEE Confidentiality notice: This e-mail message, including any attachments, may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any dissemination, distribution, or copying of this e-mail message is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this e-mail message from your computer. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
