[Info-vax] One possible market for VMS: secure credit card
David Froble
davef at tsoft-inc.com
Sun Mar 22 15:14:26 EDT 2015
Jan-Erik Soderholm wrote:
> Kerry Main skrev den 2015-03-22 15:23:
>>> -----Original Message-----
>>> From: Info-vax [mailto:info-vax-bounces at info-vax.com] On Behalf Of
>>> Jan-Erik Soderholm
>>> Sent: 22-Mar-15 7:43 AM
>>> To: info-vax at info-vax.com
>>> Subject: Re: [New Info-vax] One possible market for VMS: secure credit
>>> card
>>>
>>> JF Mezei skrev den 2015-03-22 09:15:
>>>>
>>>> Checking out ferry schedules for next summer, I find this:
>>>>
>>>>
>>> http://www.cmlf.com/DataSecurityInformationPage/tabid/1201/Default
>>> .aspx
>>>> (the press releases links at bottom of page provide more info)
>>>>
>>>> Thankfully, during the time of vulnerability, I think I used cash at
>>>> their food outlets. Lasted from Sept 2013 to August 8th 2014. They
>>> were
>>>> advised of breach on July 30th 2014.
>>>>
>>>> I have to imagine...
>>>
>>> As usual.
>>>
>>> The common way to collect card information is to tamper with the
>>> card terminals themselfs. These are normaly embedded equipment
>>> and can be tampered with no matter what they "run". Usualy by
>>> someone with good inside knowledge of the terminals.
>>>
>>>
>>>> Imagine a small VMS box that is secure, has modern protocol support,
>>>> especialy encryption, secure database, which would allow those outfits
>>>> to provide secure credit card processing.
>>>
>>
>> Security is only as strong as its weakest link. All links in the
>> solution need
>> to be reviewed regularly and enhanced as required.
>>
>>> And why would not those interested in tampering with these
>>> also be intersteding in learning VMS? Silly...
>>>
>>
>> Hackers go where the least amount of work stands to create the
>> greatest rewards.
>>
>> With 98%+ of the typical hackers not even knowing...
>
> Right, but that is only becuse it is not as public as
> meny other OS'es. *If* it had been, I'm sure everyone
> interested also had known about it.
>
> > what OpenVMS
>> Is, security by obscurity is a good thing.
>>
>> This does not mean OpenVMS should be complacent - just the opposite.
>> It needs to continually invest in platform security features & supporting
>> processes.
>>
>> Secure OpenVMS / X86-64 based "appliance" solutions are certainly
>> something to consider for future opportunities.
>>
>
> Right. And then we'd have the same situation there as with
> any other OS used today, of course.
>
> I do not think these problems with go away simply by
> changing the OS...
>
>
No, they go away when you call on a software engineer, instead of the
script kiddies ....
More information about the Info-vax
mailing list