That true. The system is protected as far you protect it according to the best practice recommended by the vendor, standard organizations and hardening frameworks. if you follow the rules, you minimize the risk.
A client asked me few days ago how can I get his password. I told him that I don't need his password to use his user-id, as their APF libraries are not protected well. I can use any user I want. There are so many attack surfaces in the mainframe that can be blocked, but client ignores them inviting a hacker, internal or external. BTW, have a look at my signature ... ITschak -- ITschak Mugzach *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* Information Security *Continuous** Monitoring for Legacy * *| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
