RACF database unprotected? That's not a properly secured system, any more than 
one with default passwords is.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of 
Knutson, Samuel <samuel.knut...@compuware.com>
Sent: Monday, May 6, 2019 3:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: mainframe hacking "success stories"?

The attacker created zero day exploits against z/OS in the wild allowing 
escalation of privilege and proved difficult to dislodge even once discovered.
Information available to the public supports this.  Phil Young has done a good 
job of dissecting the hack.

Philip Young - Smashing the Mainframe for Fun and Prison Time 
https://youtu.be/SjtyifWTqmc

And

How Hackers Breached a Government (and a Bank)
https://share.confex.com/share/124/webprogram/Handout/Session16982/How%20Hackers%20Breached%20a%20Government%20%28and%20a%20Bank%29.pdf

z/OS on IBMz hardware is the most securable environment in the world, but as 
public evidence supports, it was compromised.
It would seem fair to say the mainframe was hacked.

Best Regards,
Sam Knutson

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
Bill Johnson
Sent: Monday, May 6, 2019 2:45 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: mainframe hacking "success stories"?

Exactly.




On Monday, May 6, 2019, 2:43 PM, ITschak Mugzach <imugz...@gmail.com> wrote:

Yes. Just logged on... And had access to all databases. This is how they were 
caught. Too many queries per second.

On Monday, May 6, 2019, 21:17, Bill Johnson <
00000047540adefe-dmarc-requ...@listserv.ua.edu> wrote:

> The Pirate Bay hack acquired a valid mainframe userid and password off
> of a Microsoft laptop. In effect, not really a mainframe hack. He just
> logged on. 
> https://badcyber.com/a-history-of-a-hacking/
>
>
>
> On Monday, May 6, 2019, 1:21 PM, Charles Mills <charl...@mcn.org> wrote:
>
> #1: Noooooo. It was a legitimate mainframe hack (assuming you consider
> USS a legitimate part of the mainframe, which it has been for 20 years or so).
> It was an exploit of CGI buffer overrun.
>
> #2: It drives me nuts to hear mainframers explain away mainframe breaches.
> "It wasn't really a mainframe hack, they got in through USS." "It
> wasn't really a mainframe hack, they re-used a Windows password." "It
> wasn't really a mainframe hack ... whatever." If your CEO was standing
> in front of the press explaining how your company let x million credit
> card numbers go astray, would it matter HOW they got into your
> mainframe, or only that they DID? If your mainframe is vulnerable to
> a USS hack, or a shared Windows password, or whatever, you need to fix
> THAT, or risk having to explain to your CEO why he got fired (like
> Target's) for letting all those credit card numbers go astray.
>
> Charles
>
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of Bill Johnson
> Sent: Sunday, May 5, 2019 10:00 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: mainframe hacking "success stories"?
>
> Wasn’t really a mainframe hack. It was a laptop hack that acquired
> legitimate mainframe credentials.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
