Well, there are some clients of mine that got a copy of the RACF/Top Secret db by internal email. I was not only able to copy the file, but also to send it outside the mainframe. People like me who do pentests for a living have seen almost everything. Last week I noticed a client configuration that allowed route command to all and no console auto login. The result is that the command issued on the other LPAR ran under the *BYPASS* identity. People do stupid things that help you completely destroy the system.
I still look for published events.

ITschak d to all.

On Mon, May 6, 2019 at 8:21 PM Charles Mills <charl...@mcn.org> wrote:

> #1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS
> a legitimate part of the mainframe, which it has been for 20 years or so).
> It was an exploit of CGI buffer overrun.
>
> #2: It drives me nuts to hear mainframers explain away mainframe breaches.
> "It wasn't really a mainframe hack, they got in through USS." "It wasn't
> really a mainframe hack, they re-used a Windows password." "It wasn't
> really a mainframe hack ... whatever." If your CEO was standing in front of
> the press explaining how your company let x million credit card numbers go
> astray, would it matter HOW they got into your mainframe, or only that they
> DID?" If your mainframe is vulnerable to a USS hack, or a shared Windows
> password, or whatever, you need to fix THAT, or risk having to explain to
> your CEO why he got fired (like Target's) for letting all those credit card
> numbers go astray.
>
> Charles
>
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Bill Johnson
> Sent: Sunday, May 5, 2019 10:00 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: mainframe hacking "success stories"?
>
> Wasn’t really a mainframe hack. It was a laptop hack that acquired
> legitimate mainframe credentials.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
ITschak Mugzach | IronSphere Platform | Information Security Contiguous Monitoring for Legacy