Security: Banks deal with a lot of sensitive and confidential information. Security is a non-negotiable concern with them. Mainframes have security built into them from the ground up. Through cryptographic hardware acceleration and secure operating system, mainframes fulfill the critical requirement of keeping the user and internal data protected.
Sent from Yahoo Mail for iPhone On Monday, May 6, 2019, 4:23 PM, ITschak Mugzach <imugz...@gmail.com> wrote: No. It has nothing to do with security. It is a lagend. Penetrated all my clients. The reason is convertion complexity, tco and simplicity. Security, in a nut shell is what your sysprog does. Only few security guys left to guide them. בתאריך יום ב׳, 6 במאי 2019, 23:18, מאת Bill Johnson < 00000047540adefe-dmarc-requ...@listserv.ua.edu>: > It’s why banks stay on the mainframe. Security. > > > Sent from Yahoo Mail for iPhone > > > On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls < > mainfr...@bigendiansmalls.com> wrote: > > Bill, would you care to back that sweeping generalization up with some > detail? > > > On May 6, 2019, at 22:06, Bill Johnson < > 00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > > > > Completely different. Hacking Microsoft is way easier. > > > > > > Sent from Yahoo Mail for iPhone > > > > > > On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls < > mainfr...@bigendiansmalls.com> wrote: > > > > Which is how 80% of all the hacks today start. Find purchase and > advance your position. This is how the game is played. It was as classic of > a hack as anything today. > > > >> On May 6, 2019, at 21:43, Bill Johnson < > 00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote: > >> > >> Still never would have occurred without a valid userid. > >> > >> > >> Sent from Yahoo Mail for iPhone > >> > >> > >> On Monday, May 6, 2019, 3:18 PM, Charles Mills <charl...@mcn.org> > wrote: > >> > >> No. > >> > >> From the link you cite: > >> > >> "According to various sources, the hackers succeeded in finding (and > exploiting) at least 2 previously unknown errors enabling them to raise > their authorisations in the system. One of them was an error in an IBM HTTP > server and the other one was an error in the CNMEUNIX file, which in the > default configuration has SUID 0 authorisations (which means that by > leveraging on the errors it contains, one is able to execute commands with > the system administrator’s authorisations)." > >> > >> His "user" access to InfoTorg was not a problem for the mainframe. (It > was a problem for the MPAA lawyer whose account he accessed, but not for > the mainframe in general.) The above mainframe security vulnerability was. > >> > >> Charles > >> > >> > >> -----Original Message----- > >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Bill Johnson > >> Sent: Monday, May 6, 2019 11:17 AM > >> To: IBM-MAIN@LISTSERV.UA.EDU > >> Subject: Re: mainframe hacking "success stories"? > >> > >> The Pirate Bay hack acquired a valid mainframe userid and password off > of a Microsoft laptop. In effect, not really a mainframe hack. He just > logged on. https://badcyber.com/a-history-of-a-hacking/ > >> > >> Sent from Yahoo Mail for iPhone > >> > >> > >> On Monday, May 6, 2019, 1:21 PM, Charles Mills <charl...@mcn.org> > wrote: > >> > >> #1: Noooooo. It was a legitimate mainframe hack (assuming you consider > USS a legitimate part of the mainframe, which it has been for 20 years or > so). It was an exploit of CGI buffer overrun. > >> > >> #2: It drives me nuts to hear mainframers explain away mainframe > breaches. "It wasn't really a mainframe hack, they got in through USS." "It > wasn't really a mainframe hack, they re-used a Windows password." "It > wasn't really a mainframe hack ... whatever." If your CEO was standing in > front of the press explaining how your company let x million credit card > numbers go astray, would it matter HOW they got into your mainframe, or > only that they DID?" If your mainframe is vulnerable to a USS hack, or a > shared Windows password, or whatever, you need to fix THAT, or risk having > to explain to your CEO why he got fired (like Target's) for letting all > those credit card numbers go astray. > >> > >> Charles > >> > >> > >> -----Original Message----- > >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Bill Johnson > >> Sent: Sunday, May 5, 2019 10:00 AM > >> To: IBM-MAIN@LISTSERV.UA.EDU > >> Subject: Re: mainframe hacking "success stories"? > >> > >> Wasn’t really a mainframe hack. It was a laptop hack that acquired > legitimate mainframe credentials. > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >> > >> > >> > >> ---------------------------------------------------------------------- > >> For IBM-MAIN subscribe / signoff / archive access instructions, > >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
