Re: z/OS, OS/390 Pen testing tips/ideas/papers?
From: visigoth (visigoth@securitycentric.com)
Date: 01/30/03
- Previous message: miguel.dilaj@pharma.novartis.com: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- In reply to: Nick Jacobsen: "z/OS, OS/390 Pen testing tips/ideas/papers?"
- Next in thread: Torbjorn.Wictorin@its.uu.se: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Reply: Torbjorn.Wictorin@its.uu.se: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Reply: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jan 2003 21:08:40 -0600 From: visigoth <visigoth@securitycentric.com> To: Nick Jacobsen <nick@ethicsdesign.com>
On Tue, Jan 28, 2003 at 05:24:22AM -0800, Nick Jacobsen wrote:
> Hi all,
> One of my clients has an IBM OS/390 running on one of their networks I
> am doing some security testing on, and considering I really have not dealt
> with any IBM mainframes before when it comes to security, I was hoping that
> some of you might be able to point me the right direction. Anything would
> be helpful, but especially from a penetration viewpoint.
I haven't particularly touched any OS/390 boxen, but in testing other "big
iron" systems like OS/400 we often find that the most common security
vulnerability is STILL default passwords and accounts. I have assessed
banks who still have default accounts in place for accounts ranging from
user template accounts all the way to the QSECOFR account. If the box
you're assessing seems to have any standard authentication interfaces
available, I would start there.... The next issue after that in frequency
is usually internally developed web based apps with gaping holes.
Cheers (and good luck ;)
-visigoth
-- ______________________________________________________________________________ Damieon Stark | Microsoft: Where do you want to go today? e: visigoth@securitycentric.com | Linux: Where do you want to go tommorow? p: 612.382.6945 | FreeBSD/Sun: Are you guys coming or what? pgp: 0xBE5D0C57 | http://www.sun.com/solaris - To the Nth! pgp.mit.edu | http://www.freebsd.org - The power to serve! ------------------------------------------------------------------------------ I'll see your DMCA and raise you a First Amendment. http://www.anti-dmca.org ------------------------------------------------------------------------------ eot
- application/pgp-signature attachment: stored
- Next message: Rainer Duffner: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Previous message: miguel.dilaj@pharma.novartis.com: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- In reply to: Nick Jacobsen: "z/OS, OS/390 Pen testing tips/ideas/papers?"
- Next in thread: Torbjorn.Wictorin@its.uu.se: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Reply: Torbjorn.Wictorin@its.uu.se: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Reply: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
