[Info-vax] VMS - Virtual Terminals - A security risk way back yonder OR was that an Old Wives Tale ?
rdpiccard at gmail.com
rdpiccard at gmail.com
Thu Feb 11 10:19:49 EST 2016
On Thursday, February 11, 2016 at 9:37:50 AM UTC-5, terry-... at glaver.org wrote:
> On Thursday, February 11, 2016 at 9:12:56 AM UTC-5, Stephen Hoffman wrote:
> > So you'd like folks to comment on decades-old memories of possible
> > problems with a system you know little about? Okay, then.
>
> I have vague memories of a security issue sometime in the VMS 4.4 to 5.2 timeframe (I don't remembet the exact release - I want to say 4.4, but 5.0 would seem to be more likely due to all the internal changes).
>
> If I'm remembering it right, the issue had to do with dialup modems and the workaround was to disable virtual terminals (there was a security update from DEC relatively soon after the issue became well-known).
>
> Does this ring a bell for anyone?
I recall modem control signal handling being tightened up around V5. Since one of the exposures was re-connecting to a job in progress, that might have played into it.
We used virtual terminals, which got people used to logging back in, and that made password-stealers a problem until the "break" to evoke VMS's authentication -- very much in the spirit of CTRL-ALT-DELETE years later.
RDP
More information about the Info-vax
mailing list