Cryptolocker (was RE: Is tape dead?

Sean Caron scaron at umich.edu
Wed Sep 16 14:23:59 CDT 2015


And I actually got to play with NOS ... many years after the fact ... never
thought I'd see that! What the cray-cyber.org guys are doing is remarkable.

Best,

Sean


On Wed, Sep 16, 2015 at 3:22 PM, Sean Caron <scaron at umich.edu> wrote:

> Cyber systems didn't get much love from the H/P kids back in the day :O
>
> http://phrack.org/issues/18/5.html
>
> That said; NOS is one of the few mainframe systems ever really discussed
> in Phrack... MVS/TSO and VM/CMS you also see occasionally, but beyond that,
> it seems like most of the G-files were focused on midrange systems ...
> UNIX, VMS, MPE, PRIMOS, TOPS and the like. Very little discussion of many
> of the mainframe vendors ...
>
> There are a few Youtube videos where I guess people have done
> presentations at Defcon or something recently, about mainframe security ...
> kind of neat to watch ... of course, the z/OS they show has got all kinds
> of POSIX stuff grafted onto it and ... it's fairly indistinguishable from
> something older that I would recognize... like MVS 3.8J :O
>
> Best,
>
> Sean
>
>
> On Wed, Sep 16, 2015 at 2:29 PM, Paul Koning <paulkoning at comcast.net>
> wrote:
>
>>
>> > On Sep 16, 2015, at 2:10 PM, Chuck Guzis <cclist at sydex.com> wrote:
>> >
>> > This brings up something that's always baffled me.
>> >
>> > Why does a user's (or worse, the entire system's) files have to be
>> immediately accessible to any application wanting to take a look.
>> >
>> > Take a legacy example, SCOPE or NOS on a CDC mainframe.  ...
>>
>> Just remember that those older systems may well have had any number of
>> security issues of their own.  They did benefit a lot from "security by
>> obscurity" as well as the fact that they weren't connected to the Internet.
>>
>> I never had any incentive to look for holes in CDC operating systems, but
>> I still remember a simple hole I found in OS/360, about a month after I
>> first wrote a program for that OS.  It allowed anyone to run supervisor
>> mode code with a couple dozen lines of assembler source code. I found it on
>> OS/PCP 19.6, but I noticed in graduate school that it still worked on the
>> university's 370 running OS/MVS 21.7.
>>
>> (The magic?  Use the OS service to give a symbolic name to a location in
>> your code, with a well chosen name, then give that name as the name of the
>> "start I/O appendage" in an EXCP style I/O request.)
>>
>>         paul
>>
>>
>


More information about the cctalk mailing list