Penetration Testing mailing list archives
Re: z/OS, OS/390 Pen testing tips/ideas/papers?
From: Torbjorn.Wictorin () its uu se
Date: Thu, 30 Jan 2003 21:06:16 +0100 (CET)
OS/390 (MVS (MVT)) etc is rather safe compared to some other systems. That given that the configuration of the security system is well implemented. You can give access to specific datasets for a specific user running a specific program etc. Also, you can log about _everything_ that happens. However, there are some shortcuts which you perhaps could discuss with some experienced system(s) programmer at the site in question, like 'backdoors' installed in order to make things easy to use etc. Origin of 390 is from the time when many read the assembler listings carefully before installing any priviledged program and therefore has a rather in-depth knowledge of what happens in the OS. Probably the system programmer(s) are the largest risk factor. Torbjörn Wictorin, Uppsala university. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: z/OS, OS/390 Pen testing tips/ideas/papers? visigoth (Jan 30)
- Re: z/OS, OS/390 Pen testing tips/ideas/papers? Torbjorn . Wictorin (Jan 30)
- RE: z/OS, OS/390 Pen testing tips/ideas/papers? Steven Lane (Jan 31)
- <Possible follow-ups>
- Re: z/OS, OS/390 Pen testing tips/ideas/papers? Rainer Duffner (Jan 30)
- RE: z/OS, OS/390 Pen testing tips/ideas/papers? Davi Ottenheimer (Jan 30)