It’s why banks stay on the mainframe. Security.
Sent from Yahoo Mail for iPhone On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls <mainfr...@bigendiansmalls.com> wrote: Bill, would you care to back that sweeping generalization up with some detail? > On May 6, 2019, at 22:06, Bill Johnson > <00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > > Completely different. Hacking Microsoft is way easier. > > > Sent from Yahoo Mail for iPhone > > > On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls > <mainfr...@bigendiansmalls.com> wrote: > > Which is how 80% of all the hacks today start. Find purchase and advance > your position. This is how the game is played. It was as classic of a hack as > anything today. > >> On May 6, 2019, at 21:43, Bill Johnson >> <00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote: >> >> Still never would have occurred without a valid userid. >> >> >> Sent from Yahoo Mail for iPhone >> >> >> On Monday, May 6, 2019, 3:18 PM, Charles Mills <charl...@mcn.org> wrote: >> >> No. >> >> From the link you cite: >> >> "According to various sources, the hackers succeeded in finding (and >> exploiting) at least 2 previously unknown errors enabling them to raise >> their authorisations in the system. One of them was an error in an IBM HTTP >> server and the other one was an error in the CNMEUNIX file, which in the >> default configuration has SUID 0 authorisations (which means that by >> leveraging on the errors it contains, one is able to execute commands with >> the system administrator’s authorisations)." >> >> His "user" access to InfoTorg was not a problem for the mainframe. (It was a >> problem for the MPAA lawyer whose account he accessed, but not for the >> mainframe in general.) The above mainframe security vulnerability was. >> >> Charles >> >> >> -----Original Message----- >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >> Behalf Of Bill Johnson >> Sent: Monday, May 6, 2019 11:17 AM >> To: IBM-MAIN@LISTSERV.UA.EDU >> Subject: Re: mainframe hacking "success stories"? >> >> The Pirate Bay hack acquired a valid mainframe userid and password off of a >> Microsoft laptop. In effect, not really a mainframe hack. He just logged on. >> https://badcyber.com/a-history-of-a-hacking/ >> >> Sent from Yahoo Mail for iPhone >> >> >> On Monday, May 6, 2019, 1:21 PM, Charles Mills <charl...@mcn.org> wrote: >> >> #1: Noooooo. It was a legitimate mainframe hack (assuming you consider USS a >> legitimate part of the mainframe, which it has been for 20 years or so). It >> was an exploit of CGI buffer overrun. >> >> #2: It drives me nuts to hear mainframers explain away mainframe breaches. >> "It wasn't really a mainframe hack, they got in through USS." "It wasn't >> really a mainframe hack, they re-used a Windows password." "It wasn't really >> a mainframe hack ... whatever." If your CEO was standing in front of the >> press explaining how your company let x million credit card numbers go >> astray, would it matter HOW they got into your mainframe, or only that they >> DID?" If your mainframe is vulnerable to a USS hack, or a shared Windows >> password, or whatever, you need to fix THAT, or risk having to explain to >> your CEO why he got fired (like Target's) for letting all those credit card >> numbers go astray. >> >> Charles >> >> >> -----Original Message----- >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >> Behalf Of Bill Johnson >> Sent: Sunday, May 5, 2019 10:00 AM >> To: IBM-MAIN@LISTSERV.UA.EDU >> Subject: Re: mainframe hacking "success stories"? >> >> Wasn’t really a mainframe hack. It was a laptop hack that acquired >> legitimate mainframe credentials. >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> >> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> >> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
