Pantek Library

Re: z/OS, OS/390 Pen testing tips/ideas/papers?

From: visigoth <visigoth(at)securitycentric.com>
Date: Wed Jan 29 2003 - 22:08:40 EST

On Tue, Jan 28, 2003 at 05:24:22AM -0800, Nick Jacobsen wrote:
> Hi all,

I haven't particularly touched any OS/390 boxen, but in testing other "big iron" systems like OS/400 we often find that the most common security vulnerability is STILL default passwords and accounts. I have assessed banks who still have default accounts in place for accounts ranging from user template accounts all the way to the QSECOFR account. If the box you're assessing seems to have any standard authentication interfaces available, I would start there.... The next issue after that in frequency is usually internally developed web-based apps with gaping holes.

Cheers (and good luck ;)

-visigoth

-- 
______________________________________________________________________________
Damieon Stark                   | Microsoft: Where do you want to go today?
e: visigoth@securitycentric.com | Linux: Where do you want to go tomorrow?
p: 612.382.6945                 | FreeBSD/Sun: Are you guys coming or what?
pgp: 0xBE5D0C57                 | http://www.sun.com/solaris - To the Nth!
pgp.mit.edu                     | http://www.freebsd.org - The power to serve!
------------------------------------------------------------------------------
I'll see your DMCA and raise you a First Amendment.
http://www.anti-dmca.org
------------------------------------------------------------------------------
eot

Received on Thu Jan 30 13:42:08 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT
