[Info-vax] OpenVMS x64 Atom project

Dave Froble davef at tsoft-inc.com
Thu Jun 3 14:08:00 EDT 2021 

On 6/3/2021 1:31 PM, Simon Clubley wrote:
> On 2021-06-03, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> On 2021-06-03 04:09:27 +0000, Dave Froble said:
>>
>>> I must observe that at this time, ransomware is a rather good friend to
>>> VMS.  Caviets are IT people would need to be aware of VMS, and, it may
>>> someday be a target.  But not today.
>>
>> I've been involved in two cases of ransoming on OpenVMS. I expect there
>> have been others too, handled quietly. Been involved in OpenVMS
>> security breaches, too. Fun times. Not.
>>
>
> Thank you for posting this Stephen.
>
> So David, do you still think that VMS doesn't have a problem in this
> area ?

I wasn't aware of that, no, but I did read "handled quietly".

"Handled quietly" really doesn't help with the problem.  Saving face is 
another of those things that just makes problems worse.  One might 
wonder why there wasn't hollering and screaming for generators when the 
Japanese Nuclear station needed them, didn't get them, and things rolled 
downhill.  Can't convince me that there were no generators in the whole 
country, or outside the country, that could not be airlifted in to help 
in time.

Regardless, I'm guessing most of the software used in ransomware targets 
other than VMS.  Would you agree?

> VMS doesn't even have the application isolation and security containment
> features that are present as standard in some other operating systems
> such as Linux.

And that has helped prevent the attacks that have taken place?

>> If you're not taking steps to secure your apps and source code and
>> data?WORM tapes, and/or off-site, and/or whatever?it's time to start
>> taking a very serious look around your data centers.

Agree 110% ...

> Stopping the use of unencrypted communication protocols on your internal
> networks would be a good idea as well.

What?  Encrypted data cannot be hashed up to make it unusable?

>> That some of these breaches involved the attackers investigating the
>> computer and network environment for weeks or months?before the data
>> encryption started?should scare all of us.

I'm scared ...

> Unfortunately, that doesn't really surprise me given what is considered
> to be normal these days when someone is going after a specific target or
> a specific set of targets.

Humans are easily fooled.  They always believe it will happen to "the 
other guy", and just won't make the effort to be safe.  I found that out 
long ago.

Remember, it took humans to develop the "game" of "russian roulette". 
Doesn't that explain much?


-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list