[Info-vax] One possible market for VMS: secure credit card
Kerry Main
kerry.main at backtothefutureit.com
Sun Mar 22 10:54:02 EDT 2015
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at info-vax.com] On Behalf Of
> Jan-Erik Soderholm
> Sent: 22-Mar-15 10:34 AM
> To: info-vax at info-vax.com
> Subject: Re: [New Info-vax] One possible market for VMS: secure credit
> card
>
> Kerry Main skrev den 2015-03-22 15:23:
> >> -----Original Message-----
> >> From: Info-vax [mailto:info-vax-bounces at info-vax.com] On Behalf Of
> >> Jan-Erik Soderholm
> >> Sent: 22-Mar-15 7:43 AM
> >> To: info-vax at info-vax.com
> >> Subject: Re: [New Info-vax] One possible market for VMS: secure
> credit
> >> card
> >>
> >> JF Mezei skrev den 2015-03-22 09:15:
> >>>
> >>> Checking out ferry schedules for next summer, I find this:
> >>>
> >>>
> >>
> http://www.cmlf.com/DataSecurityInformationPage/tabid/1201/Default
> >> .aspx
> >>> (the press releases links at bottom of page provide more info)
> >>>
> >>> Thankfully, during the time of vulnerability, I think I used cash at
> >>> their food outlets. Lasted from Sept 2013 to August 8th 2014. They
> >> were
> >>> advised of breach on July 30th 2014.
> >>>
> >>> I have to imagine...
> >>
> >> As usual.
> >>
> >> The common way to collect card information is to tamper with the
> >> card terminals themselfs. These are normaly embedded equipment
> >> and can be tampered with no matter what they "run". Usualy by
> >> someone with good inside knowledge of the terminals.
> >>
> >>
> >>> Imagine a small VMS box that is secure, has modern protocol
> support,
> >>> especialy encryption, secure database, which would allow those
> outfits
> >>> to provide secure credit card processing.
> >>
> >
> > Security is only as strong as its weakest link. All links in the solution
> need
> > to be reviewed regularly and enhanced as required.
> >
> >> And why would not those interested in tampering with these
> >> also be intersteding in learning VMS? Silly...
> >>
> >
> > Hackers go where the least amount of work stands to create the
> > greatest rewards.
> >
> > With 98%+ of the typical hackers not even knowing...
>
> Right, but that is only becuse it is not as public as
> meny other OS'es. *If* it had been, I'm sure everyone
> interested also had known about it.
>
> > what OpenVMS
> > Is, security by obscurity is a good thing.
> >
> > This does not mean OpenVMS should be complacent - just the
> opposite.
> > It needs to continually invest in platform security features & supporting
> > processes.
> >
> > Secure OpenVMS / X86-64 based "appliance" solutions are certainly
> > something to consider for future opportunities.
> >
>
> Right. And then we'd have the same situation there as with
> any other OS used today, of course.
>
> I do not think these problems with go away simply by
> changing the OS...
>
That is the old wives tale that says security architecture, maturity and
culture have nothing to do with the security solution. It is the tale that
says a higher security platform solution is not possible as long as it is
popular.
This is also the analogy that believes the only reason corner stores have
more break-ins than banks is that there are more corner stores than
banks.
[lets agree to disagree - this is one of those discussions that can go on
forever]
Regards,
Kerry Main
Back to the Future IT Inc.
.. Learning from the past to plan the future
Kerry dot main at backtothefutureit dot com
More information about the Info-vax
mailing list