[Info-vax] DECUServe is a Hobbyist Chapter
Arne Vajhøj
arne at vajhoej.dk
Sat Jul 4 14:09:23 EDT 2020
On 7/3/2020 1:31 AM, Phillip Helbig (undress to reply) wrote:
> In article <rdlktg$rmb$1 at dont-email.me>, Stephen Hoffman
> <seaohveh at hoffmanlabs.invalid> writes:
>> That "the world's most secure operating system" still has telnet, FTP,
>> and DECnet available in its network configuration certainly belies the
>> claim.
>
> There is some confusion here. The problem with telnet is that the
> password and the connection itself are in clear text. Once the user is
> logged in, it is no different from SSH as far as VMS is concerned. So
> telnet cannot compromise VMS any more than SSH can.
Then encryption is needed for the entire session not just
for sending the password.
There may be other confidential information than password
transferred over the wire.
And there is also the risk of malicious input being injected.
> At most, the user
> is compromised, but, on a public system, I don't see this as a big deal.
Eisner may not contain that much confidential information.
But there is still some signal value. In this case negative signal
value.
Arne
More information about the Info-vax
mailing list