[Info-vax] One possible market for VMS: secure credit card

Mon Mar 23 13:49:27 EDT 2015

Jan-Erik Soderholm wrote:
> David Froble skrev den 2015-03-22 20:21:
>> JF Mezei wrote:
>>> Checking out ferry schedules for next summer, I find this:
>>>
>>> http://www.cmlf.com/DataSecurityInformationPage/tabid/1201/Default.aspx
>>> (the press releases links at bottom of page provide more info)
>>>
>>> Thankfully, during the time of vulnerability, I think I used cash at
>>> their food outlets. Lasted from Sept 2013 to August 8th 2014. They were
>>> advised of breach on July 30th 2014.
>>>
>>> I have to imagine that they have some PC that collects transactions and
>>> sends them to credit card processor. "Malware" was mentioned. So I
>>> immediatly assume "Windows". (Or "Weendoze" as our renowned Mr Vaxman
>>> would say).
>>>
>>>
>>> Imagine a small VMS box that is secure, has modern protocol support,
>>> especialy encryption, secure database, which would allow those outfits
>>> to provide secure credit card processing.
>>>
>>> The number of breaches is worrysome, from huge outfits like Target or
>>> Home Depot down to some ferry service.
>>>
>>> Market opportunity for VMS once it is on x86.
>>
>> I did this in the opposite direction.  A weendoze service, with VMS users
>> being the clients.  Why?  Because getting VMS to communicate securely 
>> with
>> credit card processors was difficult to "it don't work".
>>
>> I've since got some stuff that will work directly from VMS.  Took some
>> work.  Much better, and not vulnerable to weendoze malware.
> 
> No, not to *Windows* malware. B.t.w. I actually saw you as a professional
> and not letting yourself into childish misspellings.

Now, where did you ever get such an idea?  I consider myself a scoundrel.

:-)

>>
>> And now the game changes again.  I've got a device sitting here that is a
>> scanner and keypad, that encrypts the credit card data and sends the
>> encripted string to the application, for forwarding to the credit card
>> processor.  Haven't had a chance to work on it yet.
>>
>> Face it, the hackers are winning ....
> 
> Are hackers winning becuse you hadn't a chance to "work on it" yet?
> Right, then I guess we are in a big trouble... :-)

No, when ever I read about some of the types of attacks.

The people in Israel who could tell what encryption algorithm was 
running by listening to the power supply ...

Stuff that can get into disk drives ...

And other stuff ...

> I don't get it, are you blaming someone else that your application
> can't handle some specific task?

Not sure what you're asking.  Our applications work just fine.  It's 
when some credit card processor provides modules for the communication, 
and doesn't provide a module for VMS.  Things like that.  If somebody 
gives me a method to communicate with them, I'll implement it.  That 
doesn't always happen.  I guess it's then my fault for using VMS, huh?

Your sarcasm in the past has been noted.  Don't think it means a thing 
to me.  See above about "scoundrel" ....

:-)