[Info-vax] What to do with my VAX.....
Alexander Schreiber
als at usenet.thangorodrim.de
Wed Nov 11 18:21:44 EST 2020
seasoned_geek <roland at logikalsolutions.com> wrote:
> On Monday, November 2, 2020 at 4:08:04 AM UTC-6, Alexander Schreiber wrote:
>> seasoned_geek <rol... at logikalsolutions.com> wrote:
>> > On Saturday, October 17, 2020 at 9:10:35 AM UTC-5, Bill Gunshannon wrote:
>
>> > There is absolutely no way of securing any system using *nix based
>> > TCP/IP when it is connected to the Internet.
>> That is, to say it politely, utter nonsense. Yes, securing a network service
>> is a non-trivial exercise, because it requires more than just grabbing
>> random code from the Internet, nailing it together and calling it done
>> (e.g. the NodeJs and friends approach). You need to actually understand
>> what you are trying to achieve, what you are doing, pay attention to
>> security starting at the design stage and be competent. If you can't
>> measure up to this, you have no business building network services.
>>
>> That is entirely doable and being demonstrated on a daily basis.
>
> You mean they are breached on a daily basis. So often in fact they
> hardly make the news unless they set a new identity theft record.
Not if the infrastructure is run well and by competent people who are
allowed to do their job. I know a very large, global deployment of various
different types of Unix servers with a very, very boring security history
(as in: nothing happens, even though a lot might be tried). And it _is_
the kind of setup that attracts the usual suspects into attacking by
its very nature.
Of course if the setup is run by .. less than competent people, doing the
usual (not securing system setups before allowing them on the Internet,
not updating systems, keeping default credentials, exposing stuff to
the open Internet that doesn't need to be exposed, ...), well what happens
then is just to be expected.
>> > Lots of places dusting off
>> > old proprietary protocols for internal networks, putting one or two
>> > sacrificial machines out on the Internet and only installing/allowing
>> > the proprietary protocol between them and the internal network.
>> Well, there are clueless idiots in charge everywhere:
>> - Shannon's Maxim applies ("The enemy knows the system.")
>> - proprietary protocols means fewer people have looked at the design
>> and implementation, it's less widely used, less stress tested and
>> most likely has bugs that more commonly used services fixed ages
>> ago
>
> Like the Bash security breach exploited for ~25 years before being
> outed in public?
To exploit bash you need to get code execution on the system in the
first place. And nobody in their right mind wires a shell directly
to an open socket (unless it's part of an exploit). So nobody _looks_
for security holes in stuff that should not be security relevant
in the first place. Until, of course, someone does ...
Kind regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison