[Info-vax] VMS and the Internet of Things (IoT)
Scott Dorsey
kludge at panix.com
Wed Sep 14 08:48:01 EDT 2016
In article <nr9h0g$ha4$1 at gioia.aioe.org>, Chris <syseng at gfsys.co.uk> wrote:
>On 09/12/16 23:16, Stephen Hoffman wrote:
>
>> That's if you're stack smashing, and that code is still entirely
>> dependent on the operating system that's running in the box.
>
>To be honest, neither of us have the knowledge base to comment on this,
>but you only have to look at some the sophistication of some of
>the exploit code (yes, it is X86 assembler) to come to the
>conclusion that some serious effort and cash is being put into it.
>Not bedroom hackers, but well funded organisations and state
>level actors worldwide. You have to
>assume that all systems can be broken, given enough resources, but using
>a non X86 architecture immediately removes the majority of injected
>code related exploits.
Using a non-X86 architecture helps a lot merely by obscurity; the kids don't
know how to write the code and there is no prepackaged injection code off
the shelf.
BUT.... using a capability architecture with real stack protection eliminates
the problem. Sadly the iAPX 432 never made it, though.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
More information about the Info-vax
mailing list