5 Nov
2011
5 Nov
'11
6:34 p.m.
On 11/5/2011 5:37 PM, Dave McGuire wrote:
I don't know you at all or you me but, unlike you I will say you know
something about this subject and would not actually stick a vms 5 box
out for attack. In this argument we are having you say you would but, I
don't actually believe you would.
Because they stop releasing patches for it. That is all. We are talking
twenty years here. I, personally, believe that having your OS attacked
is good. It makes it stronger. It gets patches released. When it is
sitting in some obscure place off the internet fine. It will probably
not be hacked. You might also ask Iran's IT people how they feel about
the whole security through obscurity thing or how their centrifuges are
doing now. People are holding keys into all these older and closed
systems. They just need a reason to use them. Telling someone to hack
your vs3100 for shits and giggles isn't. If I had a zero day exploit on
5 I wouldn't waste it here. That is for sure.
On 11/05/2011 07:18 PM, leaknoil wrote:
I didn't mention the big Solaris machine because I was pretty sure
you wouldn't know what it was.
And you would be very wrong. Sun is actually what I do and have done
since about the time VMS 5 might have been considered secure.
I said I hated to think they were still using
VAXStation 4000 to run
critical defense things. When did I ever doubt they weren't ? Did you
even read anything or just decide what it said before hand.
Oh ok, I must've misinterpreted something you said. My apologies.
I retract that part.
I feel I can
safely say a VMS 5 server would be a
serious risk on any exposed network.
That's nice. In my professional opinion, I wouldn't be too sure at
all, not without some pretty serious evaluation. I say this because
I've tried to crack many a VMS system (white hat) and rarely have I
gotten very far. (username FIELD with password SERVICE notwithstanding)
That was
actually the whole point. My comment was about the guy saying 5
was secure not VMS in general.
And on that part we can agree, as per my previous email.
Why do I have to personally hack something to
declare it a security risk
? It's obviously a security risk to put, a VMS 5 box on the internet
with sensitive data on it. I don't get paid to hack systems but, I
certainly have to secure them.
WHY is that so? WHY is it so obvious? And WHY is it automatically
bad to run hardware in a certain application once it passes a certain
age? You keep making these assertions but you never back them up with
anything substantial. People keep presenting information
contradicting you (poking holes in your "holes", explaining why it's
dangerous and expensive to upgrade for the sake of upgrading) and yet
you still make these assertions, as if you don't even hear what others
are saying.
That's what some of the consumer-oriented public Internet is, yes.
But it's foolish (not to mention wrong) to assert that that's ALL it
is. That may be all you do with it, but that's not so for many of the
rest of us. Have you actually WORKED on this network?
(same troll, same flame!)
-Dave
I'm not really. I just stand up for what I believe. Let me just say this
though. The "consumer-oriented public Internet" is what the internet is
now. Netflix alone was something like 30% of all internet traffic last
month.