[Info-vax] OpenVMS versus Windows/GE Telemetry Control Systems.
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Jan 15 14:49:06 EST 2013
On 2013-01-15 18:46:39 +0000, John Wallace said:
> Stuxnet was quietly working its way around Windows boxes for a long
> while (maybe a year?) before it got serious attention. Ignorance is
> not necessarily bliss. If folks haven't yet looked into Stuxnet or its
> successors (eg Duqu), there's no time like the present, and the
> Wikipedia article on Stuxnet isn't a bad start, although for further
> reading I'd recommend Ralph Langner and maybe Symantec.
Red October, most recently. Also Flame, which shares features with
Stuxnet and Duqu.[1]
VMS is lacking defensive features such as address space layout
randomization[2] and execution disable, lacks various safer C calls
(strcpy_r and other parts of C11 aren't available, and strnlen, strlcpy
and strlcat and similar calls are lacking), lacks compiler flagging for
what are now increasingly deprecated calls (e.g. everybody's favorite
example being gets), and lacks sandboxing.
VMS is not going to be targeted by a mass malware attack, akin to what
hits Windows. Spear-phishing, something akin to the SMG hack, or a
breached network printer sniffing your cluster traffic seems far more
likely. Or access gained via SMH or any of the network management
tools, etc.
If you're watching for port-scanning, you're fighting the last war.
————
[1] Various discussions and related details:
http://www.cs.berkeley.edu/~daw/teaching/cs261-f07/reading/beyondsmashing.pdf
http://en.wikipedia.org/wiki/Address_space_layout_randomization
http://en.wikipedia.org/wiki/Advanced_Persistent_Threat
http://en.wikipedia.org/wiki/Stuxnet
http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
http://blog.cryptographyengineering.com/2012/06/flame-certificates-collisions-oh-my.html
[2] Yes, VMS is fond of parking known blocks of code at fixed virtual
addresses, making ASLR that much more "fun". Trampolining attackers
rejoice.
--
Pure Personal Opinion | HoffmanLabs LLC