No argument there! :-) Charles
-----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bob Bridges Sent: Thursday, May 9, 2019 9:24 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"? No, ~I~ quoted "there are solid indications" etc. Mr Mills asserts that they did not, which is contrary to my own reading but at this remove perhaps it doesn't matter. Whatever actually happened at Logica, the important point is that with read access a hacker would be able to do so, a situation most ardently to be avoided :). The lesson I take from this, and pass on to my clients, is that read access to the security database is a huge exposure and in most cases - that is, for most user IDs - completely unnecessary. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
