The more I look at AWS and the more I cannot understand how IBM missed the opportunity of using massive zSeries installs with Linux LPARs for cloud computing. All the I/O, security, etc. problems had already been solved. CloudHSM? Ha, z15-TO1 & friends, I/O? Ha… mainframe!
-
Did you count me in or not? I spent quite some time hacking LPARs to little success, less now as I lost access to my hacking target, probably my incompetence but they actually had thought of stuff far more than x86.
I wrote a trivial buffer overflow CTF level on z/OS USS, exploitable by dumping shellcode on the stack and overwriting the return addr. The kind of thing that hasn't worked on x86 for two decades... I mean, LPARs work, but so does Intel virtualization...
-
-
I’m talking z/VM and LPARs in which you run Linux, z/OS is something different. Breaking that is more interesting from a rewards perspective… z/OS tools almost certainly have a gazillion vulnerabilities like anything Linux, Windows, macOS. The underlying hardware is better.
-
Better in what way? z/Series had all the same standard speculation vulns as AMD https://www.phoronix.com/scan.php?page=news_item&px=S390-Expoline-Linux-4.16 … (Intel is worse, but we've already established Intel are idiots when it comes to security; use literally anything else, doesn't have to be a mainframe).
- Show replies
New conversation -
-
-
I'm curious - when did you write this exploit?
-
This was probably 3 years ago? But running on a slightly outdated ADCD version of z/OS for testing. We had a real mainframe for the actual competition, but I don't think anyone managed to solve it in time.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.