[Info-vax] IS everyone waiting?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Oct 21 16:20:12 EDT 2016
On 2016-10-21, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> I also agree with this.
>
> Between VSI and HPE, I am confident that if some future security
> issue did arise with OpenVMS, the issue would get resolved.
>
That's fine if you are on a supported system, but what if someone
has decided to run an old VMS version on an unsupported system ?
No-one expects Microsoft to produce patches (for normal customers
at least) for Windows XP or to produce patches for Windows NT on
Alpha.
Why would VMS be any different ?
(You can't suddenly magic back into existence a long disbanded
maintenance infrastructure for obsolete VMS versions.)
>
> Something we all need to keep in mind - the biggest worry by most
> company security folks these days is not being compromised via
> the Internet, but rather via various internal threats.
>
> The reason?
>
> While disgruntled employees is one internal threat, there is an
> even bigger concern - all those employee owned internal cell
> phones, notebooks, PDA's, IoT devices (watches, FitBit etc).
> These devices are all simply big PC's with next to zero security
> / FW protection on them. These devices regularly transition from
> internal networks to public networks (coffee shops, conferences,
> airports etc) and then back to internal networks.
>
> All a bad person has to do is hack one of these employee portable
> devices with some malware that essentially spins looking for
> specific unpatched servers with known vulnerabilities, and when
> it finds one or more, send the appropriate info back to the
> mother ship.
>
On this bit however I agree with you when you realise that those
same vulnerabilities may exist in company provided equipment as well.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list