Cryptolocker (was RE: Is tape dead?
Sean Caron
scaron at umich.edu
Wed Sep 16 14:22:19 CDT 2015
Cyber systems didn't get much love from the H/P kids back in the day :O
http://phrack.org/issues/18/5.html
That said; NOS is one of the few mainframe systems ever really discussed in
Phrack... MVS/TSO and VM/CMS you also see occasionally, but beyond that, it
seems like most of the G-files were focused on midrange systems ... UNIX,
VMS, MPE, PRIMOS, TOPS and the like. Very little discussion of many of the
mainframe vendors ...
There are a few Youtube videos where I guess people have done presentations
at Defcon or something recently, about mainframe security ... kind of neat
to watch ... of course, the z/OS they show has got all kinds of POSIX stuff
grafted onto it and ... it's fairly indistinguishable from something older
that I would recognize... like MVS 3.8J :O
Best,
Sean
On Wed, Sep 16, 2015 at 2:29 PM, Paul Koning <paulkoning at comcast.net> wrote:
>
> > On Sep 16, 2015, at 2:10 PM, Chuck Guzis <cclist at sydex.com> wrote:
> >
> > This brings up something that's always baffled me.
> >
> > Why does a user's (or worse, the entire system's) files have to be
> immediately accessible to any application wanting to take a look.
> >
> > Take a legacy example, SCOPE or NOS on a CDC mainframe. ...
>
> Just remember that those older systems may well have had any number of
> security issues of their own. They did benefit a lot from "security by
> obscurity" as well as the fact that they weren't connected to the Internet.
>
> I never had any incentive to look for holes in CDC operating systems, but
> I still remember a simple hole I found in OS/360, about a month after I
> first wrote a program for that OS. It allowed anyone to run supervisor
> mode code with a couple dozen lines of assembler source code. I found it on
> OS/PCP 19.6, but I noticed in graduate school that it still worked on the
> university's 370 running OS/MVS 21.7.
>
> (The magic? Use the OS service to give a symbolic name to a location in
> your code, with a well chosen name, then give that name as the name of the
> "start I/O appendage" in an EXCP style I/O request.)
>
> paul
>
>
More information about the cctalk
mailing list