Having explored the topic in the past, I believe you need to talk to IBM. The
platform and code for the HMC and SE systems is under tight control and nobody
but IBM can provide you with access to the thing. IBM customers are not allowed
to do that. And even if/when you get the thing, it will no
Hi,
Please assist a poor soul into finding a way to debug SVC (supervisor call
interrupt) handlers. I am still learning HLASM and debugging stuff on 390, so I
am not really aware of the tools, hooks, methods and concepts available. So far
I have managed to get ASMIDF running nicely, relinked with A
Dave,
I guess I will give it a try. I see you offer trial installs, so I will get in
touch privately. Do you have any pointers in the existing online documentation
as to see how the exact hooking into system SVCs can be performed with z/XDC?
Thanks
Costin
F
> There is a major difference between the SVC interrupt handler and an
> interrupt routine. You really don't want to mess with the former at
> all, and you shouldn't mess with the latter until you understand the
> SVC types and have some experience writing privileged code.
Mea culpa :) I was refe
a short key. IBM
has tried to sort of adapt the CBC mode to this scenario, but did not work out
very well.
Costin
On 3 Sep 2013, at 16:42, Paul Gilmartin wrote:
> On Tue, 3 Sep 2013 14:41:49 +0100, Costin Enache wrote:
>>
>>> The password phrase hash can be split into bloc
, 4 September 2013, 1:11
Subject: Re: RACF Database protection
On 3 September 2013 09:41, Costin Enache wrote:
> The phrase clear text is already padded with spaces to a multiple of 8, but,
> after encryption, the resulting hash is truncated to the length of the
> original clear text,
F Database protection
On 4 September 2013 04:07, Costin Enache wrote:
> It may not be APARable. Even if you fix the bug, what do you do with the old
> password phrases? Maybe update the RACF database with a secure hash value
> once the user logs in (to add the previously discarded hash bytes)
Are you sure? Could you please specify exactly where to look in the RACF docs?
Or do you mean the ICHDEX01 exit (for which you can either choose masking or
implement - program - your own algorithm)?
Costin
From: Elardus Engelbrecht
To: IBM-MAIN@LISTSERV.UA.
Embarrassing that some actually consider that a security flaw. Except for
the title, that article does not mention any security flaws or any other
problems related to the host. The article describes some evident
functionality - how to solve a technical challenge by FTP + JCL. To consider
this a bac
Small
clarification: The usage of password phrases instead of passwords does not
increase the complexity of a brute-force attack against the encrypted hashes,
in case the RACF DB gets compromised (flawed / insecure DES implementation).
The time required for recovering a 16-byte password phrase is t
nal Message-
:>: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
:>: Behalf Of Costin Enache
:>: Sent: Sunday, September 01, 2013 12:04 PM
:>: To: IBM-MAIN@LISTSERV.UA.EDU
:>: Subject: Re: RACF Database protection
:>:
:>: Small
:>: clarification:
From: Paul Gilmartin
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Monday, 2 September 2013, 22:09
Subject: Re: RACF Database protection
>>The password phrase hash can be split into blocks of 8 bytes, and each of
>>them "cracked" independently, also in parallel.
>>
Hi,
Some topics that we had to address when performing mainframe security
assessments:
What do you need the assessment for? If you need it for some certification / legal
purpose, then there are cheap, not too technically advanced solutions out
there. If you are actually looking into detecting and
13 matches