[Info-vax] Free Pascal for VMS ?
Arne Vajhøj
arne at vajhoej.dk
Wed May 23 21:30:41 EDT 2018
On 5/23/2018 7:58 PM, seasoned_geek wrote:
> On Wednesday, May 23, 2018 at 6:40:47 PM UTC-5, Arne Vajhøj wrote:
>>> The bulk of today's security breaches/mass identity thefts are a
>>> direct result of said growth of mold. __ANY__ application can
>>> open a port and communicate to the outside world. There is
>>> virtually no control and even if you manage to find all of the
>>> configuration scripts for package-a, unless you look at the code
>>> you cannot be certain that is all the ports it uses.
>>
>> Except for those 99% of servers that have a firewall controlling
>> what can connect to what.
>
> And that same 99% have breaches caused in large part by applications
> being able to create their own IP sockets outbound.

That is practically never the case as enterprise firewalls
block that type of access.

>>> Ubuntu did try to address this, after the fact. In 2012 they
>>> shipped the Ubuntu Firewall (also called Uncomplicated Firewall -
>>> which is a completely inappropriate name) quietly, and enabled.
>>> Nothing worked. The entire "community" on the forum tried to
>>> come up with a functional list of what should be allowed by
>>> default and they simply couldn't do it.
>>
>> Uncomplicated Firewall is a GUI admin tool for iptables that is
>> successfully used on lots of Linux servers and Linux desktop PCs.
>
> Those same systems involved in today's, tomorrow's and yesterday's
> massive data breach stories. A firewall didn't do Equifax much good.

That is true. Firewalls do not prevent vulnerabilities in software.

> An application able to create its own ports led to the breach.

No.

The Equifax breach was due to a Struts vulnerability exploited
via inbound traffic.

>> GDPR will not have very little impact on comm protocols used.
>
> It will have a dramatic impact. When TLS is known to be insecure out
> in the wild, companies will not be able to use this insecure
> transmission encryption. With a TCP/IP software appliance, not a big
> deal. Change the transport layer security at the service definition.
> No application changes. In a *nix world, massive deal. Thousands of
> applications have to be hand modified and recertified.

No.

Upgrading the SSL (TLS) library centrally will update the software.

A change in protocol may require recertification but should be the
same no matter if it is a library or your firewall branded as
an appliance.

Arne