Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Does anyone know of a documented case of VM being penetrated by hackers?

4 views
Skip to first unread message

Anne & Lynn Wheeler

unread,
Apr 25, 2007, 12:02:21 PM4/25/07
to The IBM z/VM Operating System
rschuh wrote:
>
> Does anyone know of a documented case of VM being penetrated by hackers?
>

long ago, I briefly succombed once.

The future system project was in full swing ... lots of past posts
http://www.garlic.com/~lynn/subtopic.html#futuresys

all the documentation was supposed to be super secret and required
need-to-know ... and so it was all being done as softcopy under vm370.
they had instituted all sorts of additional security processes.

I had been somewhat panning FS project by comparing what they were doing
to a cult film that had been playing continuously for several yrs down
in central sq (and making references to the inmates being in charge of
the institution).

Anyway ... somebody up'ed the ante by making claims that all the vm370
security procedures were such that even if I was physically in the
machine room, I wouldn't be able to access the documents. So in a moment
of weakness, I said that it would take less than five minutes ... I went
to the operators console and spent most of the time disabling
connectivity to the machine (to anything outside the machine room)
... then I flipped a bit in real storage ... and had access to
everything.

So they then wanted to know what kind of countermeasures to that attack
would I use (i.e. standard procedure to alternate between attacking and
defending). My comment was to remove all the front panel controls to a
lockable interface (say keyboard handled by some sort of service
processor requiring password) and/or encrypt all the information
(i.e. DES hadn't been invented yet ... although the person responsible
for DES was student down at Harvard at the time)

for some topic drift ... recent somewhat related thread
http://www.garlic.com/~lynn/2007i.html#14 when was MMU virtualization first considered practical?
http://www.garlic.com/~lynn/2007i.html#15 when was MMU virtualization first considered practical?
http://www.garlic.com/~lynn/2007i.html#16 when was MMU virtualization first considered practical?

basically the cp67 service at the science center
http://www.garlic.com/~lynn/subtopic.html#545tech

including providing access to some number of students and others from
various educational institutions in the boston area ... while at the
same time, performing some amount of activity involving extremely
sensitive corporate information. In the above reference thread ... it
was the existance of virtual memory for 370 ... before the announcement
that there would be 370 virtual memory.

Another scenario involved the most sensitve corporate data about
customers and business operation. The science center had ported apl\360
to CMS for cms\apl. One of the things this allowed was workspace sizes
up to the size of the cms virtual machine (while typical apl\360
workspace sizes was 16kbytes or sometimes 32kbytes). In that time-frame,
APL was frequently used for business modeling and other things that
currently commingly use spreadsheets. Drastically increasing the APL
workspace size allowed for business people in corporate hdqtrs to run
their applications against large amounts of real data (so remote 2741
terminal access was provided to armonk ... and they set up tapes
containing extremely sensitive customer and business data).

In this time frame, there was one incident of a MIT student doing a
looping channel program as a denial of service attack.

for other drift ... there was the use mentioned by these guys
... something that I didn't learn about until much later
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm

misc. past posts about security issues raised by allowing access to
non-employees and students from various institutions in the Boston
area ... while at the same time providing services involving
some of the highest sensitive corporate information.
http://www.garlic.com/~lynn/99.html#7 IBM S/360
http://www.garlic.com/~lynn/99.html#33 why is there an "@" key?
http://www.garlic.com/~lynn/2000g.html#4 virtualizable 360, was TSS ancient history
http://www.garlic.com/~lynn/2001i.html#44 Withdrawal Announcement 901-218 - No More 'small machines'
http://www.garlic.com/~lynn/2002h.html#50 crossreferenced program code listings
http://www.garlic.com/~lynn/2002h.html#60 Java, C++ (was Re: Is HTML dead?)
http://www.garlic.com/~lynn/2002i.html#62 subjective Q. - what's the most secure OS?
http://www.garlic.com/~lynn/2002p.html#37 Newbie: Two quesions about mainframes
http://www.garlic.com/~lynn/2002q.html#47 myths about Multics
http://www.garlic.com/~lynn/2003b.html#0 Disk drives as commodities. Was Re: Yamhill
http://www.garlic.com/~lynn/2003e.html#66 History of project maintenance tools -- what and when?
http://www.garlic.com/~lynn/2003f.html#1 History of project maintenance tools -- what and when?
http://www.garlic.com/~lynn/2003g.html#5 Any DEC 340 Display System Doco ?
http://www.garlic.com/~lynn/2003g.html#18 Multiple layers of virtual address translation
http://www.garlic.com/~lynn/2003g.html#29 Lisp Machines
http://www.garlic.com/~lynn/2004b.html#31 determining memory size
http://www.garlic.com/~lynn/2004c.html#7 IBM operating systems
http://www.garlic.com/~lynn/2004e.html#36 NSF interest in Multics security
http://www.garlic.com/~lynn/2004p.html#50 IBM 3614 and 3624 ATM's
http://www.garlic.com/~lynn/2005b.html#12 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005b.html#45 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005d.html#58 Virtual Machine Hardware
http://www.garlic.com/~lynn/2005f.html#63 Moving assembler programs above the line
http://www.garlic.com/~lynn/2005g.html#57 Security via hardware?
http://www.garlic.com/~lynn/2005h.html#18 Exceptions at basic block boundaries
http://www.garlic.com/~lynn/2005o.html#34 Not enough parallelism in programming
http://www.garlic.com/~lynn/2005o.html#46 Article: The True Value of Mainframe Security
http://www.garlic.com/~lynn/2005p.html#20 address space
http://www.garlic.com/~lynn/2005p.html#27 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2006.html#38 Is VIO mandatory?
http://www.garlic.com/~lynn/2006f.html#5 3380-3390 Conversion - DISAPPOINTMENT
http://www.garlic.com/~lynn/2006h.html#14 Security
http://www.garlic.com/~lynn/2006l.html#21 Virtual Virtualizers
http://www.garlic.com/~lynn/2006m.html#26 Mainframe Limericks
http://www.garlic.com/~lynn/2006n.html#2 The System/360 Model 20 Wasn't As Bad As All That
http://www.garlic.com/~lynn/2006o.html#19 Source maintenance was Re: SEQUENCE NUMBERS
http://www.garlic.com/~lynn/2006w.html#3 IBM sues maker of Intel-based Mainframe clones
http://www.garlic.com/~lynn/2006x.html#19 The Future of CPUs: What's After Multi-Core?
http://www.garlic.com/~lynn/2007g.html#31 Wylbur and Paging


Anne & Lynn Wheeler

unread,
Apr 26, 2007, 10:11:39 AM4/26/07
to IB...@listserv.uark.edu

re:
http://www.garlic.com/~lynn/2007i.html#20 Does anyone know of a documented case of VM being penetrated by hackers?

for a little topic drift ... a little about virtual machine assurance
in recent post to ibm-main
http://www.garlic.com/~lynn/2007i.html#26 Latest Principles of Operation

Anne & Lynn Wheeler

unread,
Apr 26, 2007, 8:32:57 PM4/26/07
to IB...@listserv.uark.edu

George Haddad wrote:
> The last major hole I can recall was in the late 80s or early 90s IIRC,
> where it was discovered that when sending an SMSG to an SVM (I think it
> was RSCS) which included a CP command, the the SVM would blindly execute
> multiple CP commands if they were chained with CP Newline character. If
> the SVM had any special privs ...well you get the idea. It was patched
> very quickly.

re:
http://www.garlic.com/~lynn/2007i.html#20 Does anyone know of a documented case of VM being penetrated by hackers?

http://www.garlic.com/~lynn/2007i.html#29 Does anyone know of a documented case of VM being penetrated by hackers?

should have been mid-70s ... not late 80s ... at least on
the internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

from long ago and far away ...

To: wheeler
Date: 80/12/16 10:52:11

I never came back last night, but I did speak to XXXXXX about that
file. He points out that RSCS probably translates a pound sign to a
question mark for display (to eliminate problems with embedded
commands in messages, which caused some difficulty a few years ago).
So the file is probably ok; perhaps you can check with XXXXX and find
out.

By the way, what I did last night was to tune my oil burner. I
don't know how you people out there heat (on the 3 days a year
when the temperature gets below 68), but if you have an oil burner
(even just for hot water), you ought to look into doing a tune-up
on it. The lab here has a kit we can borrow for the purpose, and
in less than an hour I got the efficiency from 60% to about 74%.

... snip ...

and now for some networking thing completely different from the late
80s

To: wheeler
From: somebody in corporate hdqtrs
Date: 7 May 1987, 19:35:58 EDT
Subject: Large Files...

Lynn:

We are getting requests to handle 500MB files.. EC releases, Chip
Designs, software, and documentation... (one group has a 3BB file
requirement!!).. Altho' the 500MB req't is coming within the next few
months...

Have you done any thinking during your HSDT work.. on what the limits
might be on large files.. compared to our networking software and
communication link capacity...??? I'm thinking that there must be a
limit... or a knee on the curve which says.. use a courier service..
rather than the network... Have you been able to develop any
attributes, characteristics, etc.. on 'large files'...that could be
helpful to planning and operating with these large files...??

... snip ...

i.e. HSDT (high-speed data transport) was working with handling large
files ... recent post referencing helping contribute to bringing in
the RIOS chipset a year early
http://www.garlic.com/~lynn/2007f.html#73 Is computer history taught now?
http://www.garlic.com/~lynn/2007h.html#61 Fast and Safe C Strings: User friendly C macros to Declare and use C Strings

misc. posts mentioning HSDT activities ... dating back to
1980 time-frame
http://www.garlic.com/~lynn/subnetwork.html#hsdt

as well as some activity working with various people at
univ. and NSF ... old email:
http://www.garlic.com/~lynn/lhwemail.html#nsfnet

and misc. postings mentioning BITNET and/or EARN
http:/www.garlic.com/~lynn/subnetwork.html#bitnet

0 new messages