[Info-vax] OpenVMS x64 Atom project
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Jun 4 17:55:24 EDT 2021
On 2021-06-04 18:02:53 +0000, Dave Froble said:
> On 6/4/2021 1:49 PM, Simon Clubley wrote:
>> On 2021-06-03, Bill Gunshannon <bill.gunshannon at gmail.com> wrote:
>>>
>>> My backup scheme would have allowed me to resume operations with no
>>> more than a 4 hour loss of data. I did that with no additional budget
>>> and running strictly COTS.)
>>>
>>
>> What about the data they managed to take a copy of before installing
>> malware on your systems ?
>
> He didn't think of that, huh?
Or uploading the password hashes for offline cracking, as the password
hashes on OpenVMS are wicked fast. Efficient password hashes are bad,
BTW. Uploading the private certs, too.
One of the ransom cases I've cleaned up after some years ago had the
perpetrator silently corrupt multiple backups over time, deeper than
the organization's backup rotation schedule. The perpetrator then
ransomed the only remaining good copy of the organization's databases.
In recent ransom attacks on other platforms, the attackers have been
active in the target organization's networks for weeks and months, too.
> Anybody that stores important data on an internet facing system is just
> asking for it to be "shared".
Alas, internal networks are increasingly exposed. Pragmatically,
firewalls are increasingly a network demarcation, and rather less of an
access barrier.
There are techniques to reduce that internal network exposure through
network partitioning, and (arguably better) techniques to operate in
increasingly-hostile internal networks.
And techniques around detecting unauthorized activity. Much as a
defender has to secure as much as possible, once a breach is active the
attacker need only make one mistake to expose the attack.
This all ties into better securing apps against breaches, too: not
assuming developers and system administrators will be perfect.
(More on this, below.)
> Nobody is paranoid enough.
Ayup. Nobody catches all the mistakes, either.
It's the little things:
https://web.archive.org/web/20201101014705if_/https://www.reddit.com/r/hacking/comments/jinvje/i_read_the_cuckoos_egg/
TL;DR: Internet-exposed OpenVMS systems, still using the ancient
VAX/VMS default passwords. In 2020.
Usual suspects to check for: user SYSTEM password MANAGER, FIELD
password SERVICE, SYSTEST password SYSTEST, and SYSTEST_CLIG with no
password, etc.
And before you laugh about this mistake, how many of you are either
re-using passwords yourself, or might have or know of folks you work
with that are re-using their passwords?
--
Pure Personal Opinion | HoffmanLabs LLC
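Added example, not code from the post, from OpenVMS, or from HoffmanLabs: a toy offline dictionary attack against a constructed dump of password hashes, illustrating the two points above, that exfiltrated hashes of the documented VAX/VMS default accounts fall immediately, and that a cheap hash lets an attacker test every other guess cheaply too. Assumptions: `fast_hash` is a single SHA-256 standing in for an efficient hash and is not the real OpenVMS password algorithm; `slow_hash` is PBKDF2 with a work factor; the toy folds passwords to upper case before hashing; `SAMPLE_ACCOUNTS` and the `OPERATOR` account are constructed test data; the default-credential table is the one the post lists.

```python
"""Added example: toy offline cracking of exfiltrated password hashes.
Not OpenVMS code; the hash functions only model per-guess cost."""
import hashlib
import os
import time

# Constructed table of the classic VAX/VMS default credentials named in the post.
# None means the account had no password at all.
DEFAULT_CREDENTIALS = {
    "SYSTEM": "MANAGER",
    "FIELD": "SERVICE",
    "SYSTEST": "SYSTEST",
    "SYSTEST_CLIG": None,
}

# Constructed sample site: the four defaults plus one account with a real password.
SAMPLE_ACCOUNTS = [
    ("SYSTEM", "MANAGER"),
    ("FIELD", "SERVICE"),
    ("SYSTEST", "SYSTEST"),
    ("SYSTEST_CLIG", None),
    ("OPERATOR", "correct-horse-battery-staple"),
]


def normalize(password):
    # Assumption for this toy: fold to upper case before hashing; a missing
    # password hashes as the empty string.
    return ("" if password is None else password).upper().encode()


def fast_hash(password, salt):
    # Stand-in for an efficient hash: one SHA-256 over salt+password. NOT the
    # real OpenVMS algorithm; it models the cost of one cheap digest per guess.
    return hashlib.sha256(salt + normalize(password)).digest()


def slow_hash(password, salt, iterations=100_000):
    # A deliberately expensive hash: PBKDF2-HMAC-SHA256 with a work factor.
    return hashlib.pbkdf2_hmac("sha256", normalize(password), salt, iterations)


def make_dump(accounts, hash_fn):
    """Build the records an intruder would upload: (username, salt, digest)."""
    dump = []
    for user, password in accounts:
        salt = os.urandom(8)
        dump.append((user, salt, hash_fn(password, salt)))
    return dump


def build_wordlist(dump):
    """Candidates an attacker tries first: empty password, the documented
    defaults, and each username as its own password."""
    words = [""] + [p for p in DEFAULT_CREDENTIALS.values() if p]
    words += [user for user, _, _ in dump]
    return list(dict.fromkeys(words))  # de-duplicate, keep order


def crack(dump, wordlist, hash_fn):
    """Offline dictionary attack. Returns {username: recovered password}."""
    found = {}
    for user, salt, digest in dump:
        for candidate in wordlist:
            if hash_fn(candidate, salt) == digest:
                found[user] = candidate
                break
    return found


def classify(found):
    """Defender's view of the same result: why each recovered account fell."""
    findings = {}
    for user, password in found.items():
        default = DEFAULT_CREDENTIALS.get(user)
        if password == "":
            findings[user] = "no password"
        elif default is not None and password == default:
            findings[user] = "vendor default password"
        elif password == user:
            findings[user] = "password equals username"
        else:
            findings[user] = "weak password"
    return findings


def guesses_per_second(hash_fn, budget=0.2):
    """Rough single-core guess throughput against hash_fn."""
    salt = os.urandom(8)
    count = 0
    deadline = time.perf_counter() + budget
    while time.perf_counter() < deadline:
        hash_fn("MANAGER", salt)
        count += 1
    return count / budget


if __name__ == "__main__":
    dump = make_dump(SAMPLE_ACCOUNTS, fast_hash)
    found = crack(dump, build_wordlist(dump), fast_hash)
    for user, reason in classify(found).items():
        print(f"{user:13} {reason}")
    print(f"fast hash: ~{guesses_per_second(fast_hash):,.0f} guesses/s/core")
    print(f"slow hash: ~{guesses_per_second(slow_hash):,.0f} guesses/s/core")
```

The four default accounts are recovered with four guesses each regardless of the hash; the work factor only matters for the fifth account, where the difference between millions and tens of guesses per second per core decides whether an exfiltrated dump is useful. A salt, as used here, stops precomputation but does nothing about per-guess cost; the two defences are independent.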