Hi
I have been receiving this error in one of our DR site.
I can see the LIB ID and PORT ID are part of IODF. I even tried deleting
LIB ID dynamically and reloaded the same IODF.
Device for 3590 have got all the attributes set correctly same as
production.
I am not able to even vary on the the
The LIB ID must also be set in the library itself. Is that also the same ID?
Kees.
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Peter
> Sent: 06 May, 2019 11:44
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: CBR3006I LIB ID not rec
On Mon, May 6, 2019 at 4:44 AM Peter wrote:
> Hi
>
> I have been receiving this error in one of our DR site.
>
> I can see the LIB ID and PORT ID are part of IODF. I even tried deleting
> LIB ID dynamically and reloaded the same IODF.
>
> Device for 3590 have got all the attributes set correctly
The only ones I know of that have been published are the ones that were
mentioned (There were legitimate mainframe vulns in there, not just creds
reused). I know of others that are actual hacks, but none that are public
information.
Chad
---
The actual arch level should be somewhere in the Job listing from the Cobol
Compile.
HTH,
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
John Abell
Sent: Saturday, May 4, 2019 9:44 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: COBOL 6.2 and ARCH(12)
I am a bit behi
Your should have something similar to the following in the COBOL listing where
I have used ARCH(11).
Invocation parameters:
OPTFILE
Options from SYSOPTF:
ARCH(1
I verified a few of my recent COBOL listings, and they all have ARCH(8)
specified.
Our applications developers claim that this issue only occurs when they run
their code through the debugger. It apparently never occurs outside the
debugger. The issue has been very intermittent, so it hasn't been e
> How does z/OS handle a situation where two COBOL programs that are compiled
> at different ARCH levels and part of the same LE enclave? Since the vendor
> code receives execution first, does it determine the enclave level?
I don't think an enclave HAS an ARCH level. ARCH is a compiler parm. If y
Charles,
Thanks for the explanation. Our system IGYCOPT specifies ARCH=*8.
We are only experiencing this issue on our production machine. We clone our
machine for DR, but our test systems are never started so the debugging
tool would never be used on this machine. Simulation debuggers are not
all
'Note that 0600 is a virtual tape address,
and 0800 is an ATL address'
Guess 0600 and 800 is specific to your shop ? In my shop I have the UCB set
as 2800 and 2801 for 3590.
I get the same error message when I vary on 2800 and 2801
How do the IBM hardware guys set the LIB ID in ATL ?( just curio
Not that I know of, other then the SMF records for the input and output.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Frid
By "object blocks" do you mean text blocks? As I recall, everything other than
text blocks is limited to 256 bytes.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
Mike Schwab
Sent: Thursday, M
On Mon, May 6, 2019 at 11:44 AM Peter wrote:
> 'Note that 0600 is a virtual tape address,
> and 0800 is an ATL address'
>
> Guess 0600 and 800 is specific to your shop ? In my shop I have the UCB set
> as 2800 and 2801 for 3590.
>
Correct. I could have been clearer about that.
>
> I get the s
I don't think this is an ARCH problem at all. I think the darned debugger is
just plain buggy.
You say the debugger is experiencing S0C4's (as well as S0C1's). I don't think
an ARCH mismatch can cause a S0C4 (at least not in the real world -- someone
might be able to come up with a theoretical
> One of the tricks he pulled was to offload the RACF Database to a PC and
> Dictionary Attack it.
I *believe* that was done by investigators after the fact, attempting to
determine how the attack might have been done. I don't recall that there is
compelling evidence that Svartholm actually did
#1: Noo. It was a legitimate mainframe hack (assuming you consider USS a
legitimate part of the mainframe, which it has been for 20 years or so). It was
an exploit of CGI buffer overrun.
#2: It drives me nuts to hear mainframers explain away mainframe breaches. "It
wasn't really a mainframe
I fully agree with this opinion.
John T. Abell
Tel:800-295-7608Option 4
President
International: 1-416-593-5578 Option 4
E-mail: john.ab...@intnlsoftwareproducts.com
Fax:800-295-7609
International: 1-416-593-5579
International Software Products
www.ispinfo.co
well, there are some clients of my that got a copy of the RACF/Top secret
db by internal email. I was not only able to copy the file, but also to
send it outside the mainframe. People like me that do pentests for leaving
have seem almost everything. Last week I've noticed a client configuration
tha
On Mon, 6 May 2019 10:21:25 -0700, Charles Mills wrote:
>#1: Noo. It was a legitimate mainframe hack (assuming you consider USS a
>legitimate part of the mainframe, which it has been for 20 years or so). It
>was an exploit of CGI buffer overrun.
>
Was that Shellshock? Is only bash susceptib
On Mon, 6 May 2019 16:44:47 +, Seymour J Metz wrote:
>Not that I know of, other then the SMF records for the input and output.
>
>From: Paul Gilmartin
>Sent: Friday, May 3, 2019 1:42 PM
>
>When IEBCOPY reblocks a module, does it leave any audit trail? T
All:
I have a QSAM question. If I have a Cobol program writing to a QSAM file
and it runs out of space on the file, i.e.; SB37 , can i recover from the
SB37 without manual intervention.
A possible condition handler ?
If I write and Assembler I/O routine to be called passing the data to and
writi
The Pirate Bay hack acquired a valid mainframe userid and password off of a
Microsoft laptop. In effect, not really a mainframe hack. He just logged on.
https://badcyber.com/a-history-of-a-hacking/
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 1:21 PM, Charles Mills wrote:
#1: Noo
On Mon, May 6, 2019 at 1:15 PM scott Ford wrote:
> All:
>
> I have a QSAM question. If I have a Cobol program writing to a QSAM file
> and it runs out of space on the file, i.e.; SB37 , can i recover from the
> SB37 without manual intervention.
> A possible condition handler ?
>
> If I write and
Hi Folks
Regrettably, bookshelves were rarely, if ever, available outside the collection
kits for individual download from the IBM Publications Center, and with good
reason. Softcopy Librarian (SCL) requires a set of files, called descriptor
files, that are created as a by-product of the now d
Scott,
An assembler I/O module would handle this without much effort. Take a look
at the EXLST parameter on the file DCB.
*DCBEXIT DS0H *
* USING DCBXPLST,R1 *
* CLHHSI DCBXPRM1,B37 Abend code B3
Yes. Just logged on... And had access to all databases. This us how they
was caught. Too much queries per second.
בתאריך יום ב׳, 6 במאי 2019, 21:17, מאת Bill Johnson <
0047540adefe-dmarc-requ...@listserv.ua.edu>:
> The Pirate Bay hack acquired a valid mainframe userid and password off of
> a
Regarding the "how do the IBM hardware guys set the LIB ID" question - it is
set during the initial configuration of the machine. We were able to pick the
library ID for the composite library as well as the distributed library name
back when we put our first TS7720 on the floor. When we upgrad
Exactly.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 2:43 PM, ITschak Mugzach wrote:
Yes. Just logged on... And had access to all databases. This us how they
was caught. Too much queries per second.
בתאריך יום ב׳, 6 במאי 2019, 21:17, מאת Bill Johnson <
0047540adefe-dmarc-req
John and Brian,
A big thanks I thought so. Assembler i was aware of, but Cobol I hadnt had
the experience.
But it looks like it might *be doable* thanks , friend John.
Scott
On Mon, May 6, 2019 at 2:40 PM Brian Chapman wrote:
> Scott,
>
> An assembler I/O module would handle this without much
The attacker created zero day exploits against z/OS in the wild allowing
escalation of privilege and proved difficult to dislodge even once discovered.
Information available to the public supports this. Phil Young has done a good
job of dissecting the hack.
Philip Young - Smashing the Mainframe
No.
>From the link you cite:
"According to various sources, the hackers succeeded in finding (and
exploiting) at least 2 previously unknown errors enabling them to raise their
authorisations in the system. One of them was an error in an IBM HTTP server
and the other one was an error in the CNM
Charles is correct. He found vulnerabilities in DFS I believe. Used that for
privesc.
> On May 6, 2019, at 21:17, Charles Mills wrote:
>
> No.
>
> From the link you cite:
>
> "According to various sources, the hackers succeeded in finding (and
> exploiting) at least 2 previously unknown e
Possibly, but after they logged on with a valid userid acquired from a hacked
laptop.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 3:29 PM, Bigendian Smalls
wrote:
Charles is correct. He found vulnerabilities in DFS I believe. Used that for
privesc.
> On May 6, 2019, at 21:1
Still never would have occurred without a valid userid.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 3:18 PM, Charles Mills wrote:
No.
>From the link you cite:
"According to various sources, the hackers succeeded in finding (and
exploiting) at least 2 previously unknown errors e
Which is how 80% of all the hacks today start. Find purchase and advance your
position. This is how the game is played. It was as classic of a hack as
anything today.
> On May 6, 2019, at 21:43, Bill Johnson
> <0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:
>
> Still never would have
Zos 1.x used to ship uads with users tso00 to tso03 (or 1-4), so passwords
could be collected from another system. Used this to penetrate the
mainframe. Tx god ibm stop shipping pre loaded uads.
בתאריך יום ב׳, 6 במאי 2019, 22:54, מאת Bigendian Smalls <
mainfr...@bigendiansmalls.com>:
> Which is
Completely different. Hacking Microsoft is way easier.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 3:53 PM, Bigendian Smalls
wrote:
Which is how 80% of all the hacks today start. Find purchase and advance your
position. This is how the game is played. It was as classic of a ha
So was it hacked 100’s of times then? Since it’s so easy?
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:04 PM, ITschak Mugzach wrote:
Zos 1.x used to ship uads with users tso00 to tso03 (or 1-4), so passwords
could be collected from another system. Used this to penetrate the
mainf
Bill, would you care to back that sweeping generalization up with some detail?
> On May 6, 2019, at 22:06, Bill Johnson
> <0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:
>
> Completely different. Hacking Microsoft is way easier.
>
>
> Sent from Yahoo Mail for iPhone
>
>
> On Monday
40 years of mainframe experience and you are talking a handful of mainframe
“hacks” versus thousands of Microsoft hacks. Maybe tens of thousands.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls
wrote:
Bill, would you care to back that sweeping generalizatio
It’s why banks stay on the mainframe. Security.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:09 PM, Bigendian Smalls
wrote:
Bill, would you care to back that sweeping generalization up with some detail?
> On May 6, 2019, at 22:06, Bill Johnson
> <0047540adefe-dmarc-requ..
Not a COBOL programmer, but wouldn't file status 34 be issued in such a case?
Or DECLARATIVEs?
On Mon, 6 May 2019 14:15:06 -0400 scott Ford wrote:
:>I have a QSAM question. If I have a Cobol program writing to a QSAM file
:>and it runs out of space on the file, i.e.; SB37 , can i recover from
No. It has nothing to do with security. It is a lagend. Penetrated all my
clients. The reason is convertion complexity, tco and simplicity. Security,
in a nut shell is what your sysprog does. Only few security guys left to
guide them.
בתאריך יום ב׳, 6 במאי 2019, 23:18, מאת Bill Johnson <
00
Binyamin,
Sir your correct.
Todah Rabah
Scott
On Mon, May 6, 2019 at 4:21 PM Binyamin Dissen
wrote:
> Not a COBOL programmer, but wouldn't file status 34 be issued in such a
> case?
>
> Or DECLARATIVEs?
>
> On Mon, 6 May 2019 14:15:06 -0400 scott Ford wrote:
>
> :>I have a QSAM question
[Default] On 6 May 2019 11:15:28 -0700, in bit.listserv.ibm-main
idfli...@gmail.com (scott Ford) wrote:
>All:
>
>I have a QSAM question. If I have a Cobol program writing to a QSAM file
>and it runs out of space on the file, i.e.; SB37 , can i recover from the
>SB37 without manual intervention.
>
BLKSIZE=0 requests "System-Determined Block size". It is indeed the best
option. Presumably the "system" has all the relevant facts and knowledge
at its disposal. Which is likely at least as much as you know.
However, BLKSIZE is one of the many things carried over from medieval times
where the
Well, RSM and Vanguard and so forth claim they never do a pen test that does
not succeed, so I guess yes, hacked hundreds of times.
Of course, maybe hackers aren't as smart as pen testers ...
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.ED
You're right. And you get to explain to your CEO how it wasn't really a
mainframe hack because they had a userid and Windows gets hacked all the time.
Denial ain't just a river in Egypt.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> How does one audit for shared Windows passwords, even when they may be
> encrypted and salted?
Good question.
I guess the answer to this and all similar questions is "MFA". Two factor
authentication solves a lot of problems, or at least makes them a whole lot
less likely.
Charles
-Ori
On 5/6/19 1:42 PM, Bill Johnson wrote:
> Still never would have occurred without a valid userid.
Think about it this way:
Would a DBA be able to get away saying that "the DB was copied because a
mainframe operator reused their mainframe credentials as their
credentials to access the RDBMS."? (Re
I was a DBA. Anyone who has valid access, no matter how they got it, doesn’t
qualify as a hack of that platform. Nearly every bank in the world still uses
the mainframe. Why? Because it is almost impenetrable by regular hacking means.
So do most insurance companies for the same reason.
Sent f
The mainframe hasn’t even been hack 5 times.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 7:04 PM, Charles Mills wrote:
Well, RSM and Vanguard and so forth claim they never do a pen test that does
not succeed, so I guess yes, hacked hundreds of times.
Of course, maybe hackers are
Yeah, how dare a lurker challenge the people who dominate the board.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 7:06 PM, Charles Mills wrote:
You're right. And you get to explain to your CEO how it wasn't really a
mainframe hack because they had a userid and Windows gets hacked
LOL, sure.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:23 PM, ITschak Mugzach wrote:
No. It has nothing to do with security. It is a lagend. Penetrated all my
clients. The reason is convertion complexity, tco and simplicity. Security,
in a nut shell is what your sysprog does. On
Wrong.
https://www.americanbanker.com/news/why-citi-is-buying-ibms-new-mainframe-for-mobile-transactions
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:23 PM, ITschak Mugzach wrote:
No. It has nothing to do with security. It is a lagend. Penetrated all my
clients. The reason is
Read up.
https://www.allerin.com/blog/why-do-banks-still-use-mainframes
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 4:23 PM, ITschak Mugzach wrote:
No. It has nothing to do with security. It is a lagend. Penetrated all my
clients. The reason is convertion complexity, tco and simp
Security: Banks deal with a lot of sensitive and confidential information.
Security is a non-negotiable concern with them. Mainframes have security built
into them from the ground up. Through cryptographic hardware acceleration and
secure operating system, mainframes fulfill the critical require
What about BUFL=? As I recall, I used to use this to keep from
having problems with concatenations...
By having a buffer length equal to or larger than any buffer one
might read... And we really were beyond CORE in those days. But
it is true, C-STORE was expensive.
Regards,
Steve Thompson
O
Ok, but why is Windows easier to hack than the mainframe?
Personally, I'd find a mainframe far easier to hack because I know a
little bit about control blocks, APF auth, SVC's, subsystems, address
spaces, RACF, etc., and I know far less about the equivalents on
Windows. But of course the firs
A plethora of reasons.
Lack of emphasis on security by MSFT. More interest in selling the next release
than securing each release.
Buggy code. Went to a security seminar once where it was stated that MSFT code
had one bug for every 25 lines of code. IBM was around one bug every 250 lines
and NAS
How do you get a userid for a mainframe hack attempt? How do you insure it’s
one with decent security access? Knowing very few have APF access.
I’ve never actually seen a mainframe hacked in 40 years and 15 different shops.
Also never heard of one at shops in the Ohio, Pennsylvania area that I di
I know there are other reasons, but the one I always trot out at this point in
the conversation is that Windows is a younger OS. The mainframe has been
around a couple more decades than Windows, so there's been more time to spot
and plug holes.
Plus, for the first decade or so of Windows' life
Itschak, I'm not sure what you're asking but there's quite a bit of
documentation on the Logica break-in. I had to do a report on it for my
employers a few years ago, and I cited six or seven sources for it. Do you
want them? I can send you a copy, although I wouldn't want you to think I'm
c
"Once they’d downloaded the RACF database, they subjected it to a
password-cracking tool. John the Ripper is one such tool, widely available on
the internet. On Feb 28, about the same time the RACF database was downloaded,
some questions appeared on the mailing list PaulDotCom about hashing me
In most shops only 2 people have the required access to the RACF database.
Sent from Yahoo Mail for iPhone
On Monday, May 6, 2019, 11:06 PM, Bob Bridges wrote:
"Once they’d downloaded the RACF database, they subjected it to a
password-cracking tool. John the Ripper is one such tool, widely
Here's one: By acting dumb (well, even more than usual) I got the Help
Desk where I worked to give me my name, the prod system id, my userid,
and a password reset. I gave no information other than calling from my
own desk phone.
The real reason for the call was that I heard they were using t
For the mainframe, one of the words I like to use is "Integrity". The
hardware designers and programmers did not want to let any error, no
matter how small, go unnoticed. A quick example: On a real 3278
terminal if you tried to type on top of a protected field, the box made
a clicky noise an
Bill Johnson wrote:
>Mainframes have security built into them from the ground up.
>Through cryptographic hardware acceleration and secure operating
>system, mainframes fulfill the critical requirement of keeping
>the user and internal data protected.
There are many excellent security attributes in
68 matches
Mail list logo
