[Info-vax] OpenVMS x64 Atom project
Arne Vajhøj
arne at vajhoej.dk
Sun Jun 6 11:42:00 EDT 2021
On 6/3/2021 2:37 PM, Arne Vajhøj wrote:
> On 6/3/2021 1:04 PM, Bill Gunshannon wrote:
>> On 6/3/21 9:39 AM, Dave Froble wrote:
>>> On 6/3/2021 8:11 AM, Simon Clubley wrote:
>>>> VMS is missing security protections common in other operating systems.
>>>
>>> You mean all those "secure" systems that are constantly being hacked,
>>> invaded with ransomware and such. Are those the "common security
>>> protections" you're talking about?
>>>
>>> Perhaps I'd rather be not as "secure" ...
>>
>> Either you don;lt understand any of this or you just haven't been paying
>> attention. The places being hit are, in most of the stated cases, not
>> using any of the accepted security practices.
>
> The fact that it happened prove that they did something wrong.
>
> But they may have done 99 things right and only missed 1.
>
> That is the underlying problem in this: to protect a system you need to
> protect against all attacks - to successfully attack a system you
> only need to fine one that is not protected against.
It has now become public that the pipeline got hit because:
- a user had the same password at another site as for VPN to them
- that other site got compromised and the password database got stolen
and cracked
- MFA not used
Rather trivial, but a lot of breaches are considered trivial - after
the fact.
Arne
More information about the Info-vax
mailing list