[Info-vax] OpenVMS x64 Atom project
Arne Vajhøj
arne at vajhoej.dk
Mon Jun 7 08:10:00 EDT 2021
On 6/6/2021 10:33 PM, Dave Froble wrote:
> Ok, a VMS question.
>
> What, other than getting to run a program, could be done by the bad guys
> on a VMS system? I confess, I have not studied the issue at all.
>
> If the bad guys need to get access and run a program, would defenses
> that check for valid programs running be successful?
>
> So, yeah, if I can get access and run a process on VMS, much can be
> done. And possible defenses could be set up. But if there are other
> possibilities, one would need to know about them before considering
> defenses.

That is a broad question, but some random answers.

There are different purposes of attacks including:
* make the system unusable (sabotage)
* steal sensitive information and sell it (espionage)
* encrypt all data and require a ransom to decrypt (ransomware)
* make small changes to data that will go undetected for a long time
  (also sabotage)
* just put up a notice (ego hacking)

Obviously doing any of these requires some sort of access.

It can be an interactive login (DECnet, telnet, ssh) or it can
be some network request (DECnet FAL, rsh/rexec, HTTP to unsafe
service, buffer overflow in some custom TCP application etc.).

Or maybe the vulnerability came with some software installed
or maybe some hardware.

It can come from LAN, private WAN or public internet.

It can go directly into a privileged account or it can go
into an unprivileged account and use some other vulnerability
to get privs or it can go after an account that does not have
SYSPRV but does have full access to a certain application.

It can be a foreign intelligence service, foreign hackers, young
people from your local college or an insider (former or current
unhappy employee).

As soon as you turn the power on then ...

Arne