In article <981761000637.wa.paulgboulderaim@listserv.ua.edu> you wrote:
> On Wed, 8 May 2019 20:40:12 +, Seymour J Metz wrote:
> >Yes, but you can FTP to an MVS file, which you can allocate with attributes.
> >
> "MVS file"? Do you mean a data set, or as TSO overloads the term, a DDNA
Thanks Lizette. I will check it out.
On Tuesday, May 7, 2019, 2:08:24 p.m. EDT, Lizette Koehler
wrote:
Remember, that IEBCOPY has lots of examples and details on IBM.COM
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.idau100/iebcopy.htm
Unless specified
On Tue, 7 May 2019 09:26:58 -0300, Clark Morris wrote:
>Could someone use DF/DSS, DF/HSM, FDR or FDR/ABR to copy the database
>and then download the dump of the database?
>
>Clark Morris
>>
Clark,
If they have read access to the database, yes. That's what happened in the
Swedish bank hack, b
The examples don't address the question. However, elsewhere there is a warning
not to use COPY for program objects.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of
esmie moo <012780d99c7b-dm
If you can transfer the backup file (real or virtual tape) to another
system, then you can use the admin authorization to restore any or all
files in the backup file. Just like using a rescue system to restore
at a DR site.
On Thu, May 9, 2019 at 8:56 AM Peter Vander Woude
wrote:
>
> On Tue, 7 M
Not quite; the binary option is relevant to step 1. I was assuming just doing a
binary FTP to an MVS datset and using that for the RECEIVE, but if you insist
on both an MVS data set and an OMVS file, then the binary goes on step 11 and
the attibue goes on step 2.
--
Shmuel (Seymour J.) Metz
ht
I had an XMITIP user send me a report of a failure and I need the help of
this group as it involves NJE and z/VM.
Their configuration is they run XMITIP on z/OS, which generates the SMTP
email as a sysout file in the JES2 spool with a destination of a z/VM node
and user of the SMTP server on z/
I don't know of any TSO documentation that uses the term "dataset" for a
ddname. TSO does use both "DATASET" and "DSNAME" as keywords for the dataset
name, but it generally uses "FILE" as the keyword for a ddname.
If the OP really wants to first FTP to an OMVS file and then copy it to an MVS
da
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.idau100/u1061.htm
Program objects are created automatically when load modules are copied
into a PDSE. Likewise, program objects are automatically converted
back to load modules when they are copied into a partitioned data
When you write "z/VM", do you mean RSCS or the z/VM SMTP?
IAC, you might consider adding DCB options to XMITIP to control the format of
the SPOOL file.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on beha
Correct - RSCS on the z/VM side. I have asked for error messages (mid last
week) and not seen those yet.
XMITIP dynamically determines the sysout dcb for the spool file based on the
data being included in the generated email. This is the 1st time I've heard
of this issue in almost 30 years of XMI
Hi Jorge
you will find the smf defintion TCP/IP Books, use subtype 20 or 21 to
get your information.
TN3270E Telnet server SNA session initiation record (subtype 20)
TN3270E Telnet server SNA session termination record (subtype 21)
if you need more help send me an mail on wolfgang.fr...@wfs-gm
The paragraph you quoted says nothing about whether you can use COPYMOD to copy
a program object from one PDSE o another.
> "COPYGRP is recommended for PDS Load Modules or PDSE Program Objects to
> include any aliases that may be present."
The same document says "When the INDD and OUTDD data set
Don't you MIME encode the dataset attached to the e-mail? Or are you saying
that the user have VB message text along with the file to be transmitted?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf
The data may be part of the message or part of a mime attachment
Lionel B. Dyck <
Website: http://www.lbdsoftware.com
"Worry more about your character than your reputation. Character is what
you are, reputation merely what others think you are." - John Wooden
-Original Message-
From: I
Hi Jorge
in tcpip Profile add following statements to activate smf records in CS
SMFCONFIG; was SMFPARMS statementmnt
TYPE119
FTPCLIENT
IFSTATISTICS
IPSECURITY
PORTSTATISTICS
TCPINIT
TCPSTACK
TCPIPSTATISTICS
TCPTERM
TN3270CLIENT
UDPTERM
Am 08.05.2019 um 13:01 schrieb Wol
No.
Read the original thread here.
It was a vulnerability in a Web server.
Hacking the RACF database was done well after the fact, by investigators.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Peter Vander Woude
Sent:
More information and clarification.
The smtp email spool file is being received by RSCS and passed to the SMTP
server on z/VM which is delivering the email BUT the text attachment is
being truncated to 80 bytes instead of the original 132.
Thus it would seem that somehow either RSCS or the z/VM S
Before 370 virtual memory was announced, a copy of internal document
leaked to industry magazine. There was then a "Pentagon Papers" like
investigation to find the leaker. Also all company copiers were
retrofitted that placed a machine identification on all copied
pages. Then for the "Future System
To answer the OP question, Yes, assuming
- The perp has the ability to run some sort of volume backup, such as
authority to the volume and to run a volume backup program.
- The ability to copy the backup off of the system, such as with FTP, access
to a physical tape drive, or downloading to a PC a
I believe Peter's right. The hackers got a stolen ID with some RACF power, by
means not positively identified but social engineering is as likely as any
other hypothesis. (I read ~speculation~ about an HTTP vulnerability, but the
forensic investigators never established how the initial breakin
All of the security datasets are locked down to all but a select few. It would
be next to impossible for someone not considered highly trustworthy to do
anything with them.
Sent from Yahoo Mail for iPhone
On Thursday, May 9, 2019, 1:16 PM, Charles Mills wrote:
To answer the OP question, Yes
I have read the entire, very thorough police report, as has Chad R. Phil Young
has done considerable research on this.
There were two parts to it.
Svartholm somehow got the MPAA lawyer's user login for the Infotorg legal
database, hosted on USS. (The "somehow" may be known but I do not know or
How about a volume backup? How about from a sandbox LPAR that shares DASD?
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Bill Johnson
Sent: Thursday, May 9, 2019 10:32 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Can backup
We have some user exits used for TPX 5.2 and unfortunately we don't know
where the source codes are located.
Is it ok to just copy over to 5.4 ?
On Fri, 3 May, 2019, 3:09 AM Mark Zelden, wrote:
> On Thu, 2 May 2019 15:44:14 -0500, Michael Cleary <
> michaeljosephcle...@yahoo.com> wrote:
>
> >If
> And yes, it was a z/OS vulnerability.
Are you saying that Bob Bridges was wrong when he wrote "The stolen ID also had
read access to the RACF database.."? It's not a vulnerability of the lock when
you leave your key on the porch for anyone to use.
--
Shmuel (Seymour J.) Metz
http://mason.gmu
Probably not a good idea. Do you know if they were smpe installed? There
could be a copy in your SMPPTS, or SMPSTS datasets? Otherwise, try it, but
I'd expect unexpected results.
_
Dave Jousma
It's not part of smpe..
Just assembly and Linkedit..
On Thu, 9 May, 2019, 10:35 PM Jousma, David, <
01a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:
> Probably not a good idea. Do you know if they were smpe installed? There
> could be a copy in your SMPPTS, or SMPSTS datasets? Otherwi
Yes, that assertion is incorrect. Read my post.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Seymour J Metz
Sent: Thursday, May 9, 2019 11:29 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Can backup mechanisms be used to ste
If you really want/need them, search for a reverse assembler. I think there is
one on the CBT tape.
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Peter
Sent: Thursday, May 9, 2019 2:43 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Assembly JCL for tpx 5.4
[External
And there's one in the HLA Toolkit if you're licensed for it.
Mark Jacobs
Sent from ProtonMail, Swiss-based encrypted email.
GPG Public Key -
https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com
‐‐‐ Original Message ‐‐‐
On Thursday, May 9, 2019 2:47 PM, PINION,
"I'd expect unexpected results"
Wait a second... I'm in a loop with that statement :)
My first thought was a disassembler if this is something pretty small,
and then try to pick out any assembled TPX macros and control block
references since I think those would be the most likely changes betwe
5 LPARS, shared DASD, same rules for each LPAR. Full volume backups were
controlled by 1 DASD Admin.(now deceased) I no longer work there. As the
installer of the security product, TSS, even I had very limited access to the
security datasets.
If hacking the mainframe was easy, or even slightly b
On Thu, May 9, 2019 at 2:45 PM Bill Johnson <
0047540adefe-dmarc-requ...@listserv.ua.edu> wrote:
> 5 LPARS, shared DASD, same rules for each LPAR. Full volume backups were
> controlled by 1 DASD Admin.(now deceased) I no longer work there. As the
> installer of the security product, TSS, even
On Thu, 9 May 2019 10:45:37 -0500, Lionel B Dyck wrote:
>More information and clarification.
>
>The smtp email spool file is being received by RSCS and passed to the SMTP
>server on z/VM which is delivering the email BUT the text attachment is
>being truncated to 80 bytes instead of the original 1
The issue seems to be that the z/VM RSCS, or the SMTP server, was taking the
data and truncating it to 80 bytes.
I had the site change the secure_smtp setting in the XMITIPCU configuration
file from null to 1. This has nothing to do with security but SMTP on z/OS
would only validate the sending
What I said below about "good installation documentation" applies. Usermod or
not
in the previous install, that's so important. Too bad more and more I see
people with the "just install and get it working" mentality and they don't
document anything and put things in their own personal librarie
What causes IBM integrity (code-based) APARs to be generated? Surely not
all of them are found internally. The thing is, with the way integrity
APARs are handled the source of the problem is never disclosed. Many are,
I believe, zero-days, that would cause a hack if found by the wrong person.
L
On Thu, 9 May 2019 15:08:28 -0500, Lionel B Dyck wrote:
>The issue seems to be that the z/VM RSCS, or the SMTP server, was taking the
>data and truncating it to 80 bytes.
>
>I had the site change the secure_smtp setting in the XMITIPCU configuration
>file from null to 1. This has nothing to do w
Any customer who discovers a security bug can report it. BTDT,GTTS (just the
tee shirt, no scars.)
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List on behalf of Lou
Losee
Sent: Thursday, May 9, 2019 4:21 PM
Configuration control is easier if everything in a target library gets there
through SMP.
IMHO documentation should precede implementation, with n immediate update if
anything changes. I've heard that there's a round tuit shortage.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
> Yes, that assertion is incorrect. Read my post.
The only thing that I see that is relevant is where you quoted "There are also
solid indications that they downloaded the RACF database (about 28MB", which
certainly seems consistent with Bob's claim.
--
Shmuel (Seymour J.) Metz
http://mason.gm
I'm a strong proponent of installing things like this as SMPE usermods. SMPE is
good at preserving both source and SYSLIB concatenations. Individuals come and
go, but SMPE zones are usually easier to identify, back up, and restore than
random user data sets. I've heard of (and experienced) cases
No, ~I~ quoted "there are solid indications" etc. Mr Mills asserts that
they did not, which is contrary to my own reading but at this remove perhaps
it doesn't matter. Whatever actually happened at Logica, the important
point is that with read access a hacker would be able to do so, a situation
m
I found many security and system programmers assuming that in order to
manage security, one need access to the security database.I many
assessments I was able to copy the file with no problem. While this
assumption is completely untrue, many of you make use of (at least one)
racf administration pro
No argument there! :-)
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Bob Bridges
Sent: Thursday, May 9, 2019 9:24 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Can backup mechanisms be used to steal RACF database? was Re:
mai
46 matches
Mail list logo
