[Info-vax] OpenVMS x64 Atom project

[Bill Gunshannon]

On 6/6/21 11:42 AM, Arne Vajhøj wrote:
> On 6/3/2021 2:37 PM, Arne Vajhøj wrote:
>> On 6/3/2021 1:04 PM, Bill Gunshannon wrote:
>>> On 6/3/21 9:39 AM, Dave Froble wrote:
>>>> On 6/3/2021 8:11 AM, Simon Clubley wrote:
>>>>> VMS is missing security protections common in other operating systems.
>>>>
>>>> You mean all those "secure" systems that are constantly being 
>>>> hacked, invaded with ransomware and such.  Are those the "common 
>>>> security protections" you're talking about?
>>>>
>>>> Perhaps I'd rather be not as "secure" ...
>>>
>>> Either you don;lt understand any of this or you just haven't been paying
>>> attention.  The places being hit are, in most of the stated cases, not
>>> using any of the accepted security practices.
>>
>> The fact that it happened prove that they did something wrong.
>>
>> But they may have done 99 things right and only missed 1.
>>
>> That is the underlying problem in this: to protect a system you need to
>> protect against all attacks - to successfully attack a system you
>> only need to fine one that is not protected against.
> 
> It has now become public that the pipeline got hit because:
> - a user had the same password at another site as for VPN to them
> - that other site got compromised and the password database got stolen
>    and cracked
> - MFA not used
> 
> Rather trivial, but a lot of breaches are considered trivial - after
> the fact.
> 

As I have said before, the only breach we had when I was the
administrator of the CS Department was one user account and
that was because he used his department password for a WordPress
account on the Web somewhere and we all know how good their
security is.

Humans are the biggest threat to IT Systems and, so far, no one
has figured out how to patch them fix the problem.

bill