[Info-vax] One possible market for VMS: secure credit card
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Sun Mar 22 10:34:26 EDT 2015
Kerry Main skrev den 2015-03-22 15:23:
>> -----Original Message-----
>> From: Info-vax [mailto:info-vax-bounces at info-vax.com] On Behalf Of
>> Jan-Erik Soderholm
>> Sent: 22-Mar-15 7:43 AM
>> To: info-vax at info-vax.com
>> Subject: Re: [New Info-vax] One possible market for VMS: secure credit
>> card
>>
>> JF Mezei skrev den 2015-03-22 09:15:
>>>
>>> Checking out ferry schedules for next summer, I find this:
>>>
>>>
>> http://www.cmlf.com/DataSecurityInformationPage/tabid/1201/Default
>> .aspx
>>> (the press releases links at bottom of page provide more info)
>>>
>>> Thankfully, during the time of vulnerability, I think I used cash at
>>> their food outlets. Lasted from Sept 2013 to August 8th 2014. They
>> were
>>> advised of breach on July 30th 2014.
>>>
>>> I have to imagine...
>>
>> As usual.
>>
>> The common way to collect card information is to tamper with the
>> card terminals themselfs. These are normaly embedded equipment
>> and can be tampered with no matter what they "run". Usualy by
>> someone with good inside knowledge of the terminals.
>>
>>
>>> Imagine a small VMS box that is secure, has modern protocol support,
>>> especialy encryption, secure database, which would allow those outfits
>>> to provide secure credit card processing.
>>
>
> Security is only as strong as its weakest link. All links in the solution need
> to be reviewed regularly and enhanced as required.
>
>> And why would not those interested in tampering with these
>> also be intersteding in learning VMS? Silly...
>>
>
> Hackers go where the least amount of work stands to create the
> greatest rewards.
>
> With 98%+ of the typical hackers not even knowing...
Right, but that is only becuse it is not as public as
meny other OS'es. *If* it had been, I'm sure everyone
interested also had known about it.
> what OpenVMS
> Is, security by obscurity is a good thing.
>
> This does not mean OpenVMS should be complacent - just the opposite.
> It needs to continually invest in platform security features & supporting
> processes.
>
> Secure OpenVMS / X86-64 based "appliance" solutions are certainly
> something to consider for future opportunities.
>
Right. And then we'd have the same situation there as with
any other OS used today, of course.
I do not think these problems with go away simply by
changing the OS...
More information about the Info-vax
mailing list