>> Hire one of the pen testing firms like RSM or Vanguard. Report back here if >> they find no vulnerabilities. Tell me I'm wrong.
Agree with this 100%. If you can catch Mark Wilson from RSM in bar, buy him some beers and he can tell you redacted stories about pen tests that he has done that will make your hair stand on end. Rob Scott Rocket Software. -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Charles Mills Sent: Wednesday, May 8, 2019 2:26 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: mainframe hacking "success stories"? I was travelling and I have kind of lost track of where this thread has gone. Let me throw three thoughts out there. 1. Our job is to make our platform -- and if you are at a customer, your site -- as secure as reasonably possible. Not "more secure than Windows." It is NOT like the joke about the two hunters being chased by a bear, one of whom says "I don't have to run faster than the bear; just faster than you." You have to run faster than ALL the bears. 2. "Oh, but they got a userid and password from somewhere else." A userid and password is nothing. You know who has a userid and password? All of your users. Another name for your users is "insider threats." 3. You think your mainframe in darned near invulnerable? Put it to the test. Hire one of the pen testing firms like RSM or Vanguard. Report back here if they find no vulnerabilities. Tell me I'm wrong. Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ================================ Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323 Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy ================================ This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
