[Info-vax] VMS - Virtual Terminals - A security risk way back yonder OR was that an Old Wives Tale ?

[Sum1]

IanD

As you and I are both in Australia (I assume) and I have been playing 
with VMS since 1977...there were some entertaining issues that were 
noticed in the past, starting in no particular order...

- for a "special purpose", I used to connect a datascope (? I think it 
was called that...) between the serial line ant the LAT device and 
capture data streams...including usernames/passwords...prior to LAT, 
just connect near DZ11 etc....or anywhere in the link
- for another "special purpose", I monitored and decoded LAT traffic on 
the wire, again capturing usernames/passwords
- using assorted terminal server hardware and LAT configurations, you 
could impersonate a disconnected session and "take it over"

Of course, had there been adequate physical security of hardware and 
networks, life would have been more difficult...but it rarely was.

It just may have been that you ran into a difficult System Manager 
because, even though I was doing that stuff from the late 70s, System 
Managers only really became aware of "security" in the mid/late 80s.  
Even the Big 8 consulting firms had no experience in this field, and 
their "IT/DP Auditors" spent all there time looking at accounting-based 
controls.

Cheers