[Info-vax] OpenVMS x64 Atom project

Dave Froble davef at tsoft-inc.com
Mon Jun 7 14:11:32 EDT 2021 

On 6/7/2021 1:45 PM, Bill Gunshannon wrote:
> On 6/6/21 11:42 AM, Arne Vajhøj wrote:
>> On 6/3/2021 2:37 PM, Arne Vajhøj wrote:
>>> On 6/3/2021 1:04 PM, Bill Gunshannon wrote:
>>>> On 6/3/21 9:39 AM, Dave Froble wrote:
>>>>> On 6/3/2021 8:11 AM, Simon Clubley wrote:
>>>>>> VMS is missing security protections common in other operating
>>>>>> systems.
>>>>>
>>>>> You mean all those "secure" systems that are constantly being
>>>>> hacked, invaded with ransomware and such.  Are those the "common
>>>>> security protections" you're talking about?
>>>>>
>>>>> Perhaps I'd rather be not as "secure" ...
>>>>
>>>> Either you don;lt understand any of this or you just haven't been
>>>> paying
>>>> attention.  The places being hit are, in most of the stated cases, not
>>>> using any of the accepted security practices.
>>>
>>> The fact that it happened prove that they did something wrong.
>>>
>>> But they may have done 99 things right and only missed 1.
>>>
>>> That is the underlying problem in this: to protect a system you need to
>>> protect against all attacks - to successfully attack a system you
>>> only need to fine one that is not protected against.
>>
>> It has now become public that the pipeline got hit because:
>> - a user had the same password at another site as for VPN to them
>> - that other site got compromised and the password database got stolen
>>    and cracked
>> - MFA not used
>>
>> Rather trivial, but a lot of breaches are considered trivial - after
>> the fact.
>>
>
> As I have said before, the only breach we had when I was the
> administrator of the CS Department was one user account and
> that was because he used his department password for a WordPress
> account on the Web somewhere and we all know how good their
> security is.
>
> Humans are the biggest threat to IT Systems and, so far, no one
> has figured out how to patch them fix the problem.
>
> bill
>
>

First, do away with passwords.  Don't some phones now need a fingerprint 
to access?  Guess that data could be copied, and used.  Remote access is 
always an issue, and it just ain't going away.

Then, one must convince the management to cough up the funds for such 
things.  That ain't gonna happen.  At least not before lots of pain.

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list