MAINFRAMES: THE PAST WILL COME BACK TO HAUNT YOU

Black Hat USA 2013

Presented by: Phil Young
Date: Wednesday July 31, 2013
Time: 10:15 - 11:15
Location: Roman 2

From governments to military, airlines to banks, the mainframe is alive and well and touches you in everything you do. The security community that's tasked with reviewing the security on mainframes, though, actually knows very little about these beasts. Be it a lack of access by the security community or the false notion that mainframes are dead, there is a distinct gap between the IT security world and the mainframe world. Mainframes in the IT security community are talked about in whispered hushed tones in the back alleys. Neither knowing if they're as secure as IBM (and mainframers) claim or if they're ripe with configuration problems ready to be exploited. This talk will remove some of the mystery surrounding the mainframe, breaking down that 'legacy wall.' Discussing how security is implemented on the mainframe (including where to find configuration files), how to access it, simple networking and configuration commands, file structure etc. will be presented at this session.

Phil Young

Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide eyed, for the first time. Though it would be decades until he actually got his hands on one he was always interested in their strangeness. Phil has always been in to security since his days as a sysop and playing around on Datapac (the Telenet of Canada). During a recent review of security on a mainframe he decided to dig a little deeper than previously and discovered two things: (1) No one in the mainframe community knows about what’s going on in the security community (2) No one in the security community knows anything about mainframes (other than that one time they got access to one and didn’t know what to do). Ever since, he’s been obsessed with raising awareness of these machines and how to accurately assess their security. In the past Phil has worked as a Sr. IT Security Analyst for top consulting firms, a tier 3 engineer and wrote for hacking zines in Toronto. He has presented at security conferences, talking about mainframes, in Washington DC (Shmoocon), Las Vegas (BSides), Chicago (Thotcon), San Francisco (BAHA) and Austin (BSides). His hobbies include haxoring JCL, REXX scriptin’ and ANSI/EBCDIC/ASCII art.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats