1. 5
  1.  

  2. 3

    Nothing ever gets exploited when access to the system to exploit is very expensive and restrictive in the first place.

    1. 5

      The teams who ran the Iranian nuclear subterfuges would like to have a word with you. You might also find Wiley’s book Unauthorized Access on physical hacking relevant.

      On the one hand, you’re right: that kind of stuff really only applies when you are a seriously high-value target. On the other hand, we’re talking about OpenVMS machines. Many of them are.

      1. 2

        subterfuges

        Nice, I know it’s not really a portmanteau word but it captures to reality perfectly!

        1. 2

          Heh. That was a fun combo fo commenting on my phone over breakfast and forgetting to disable autocorrect, but I’m going to claim I did that on purpose.

      2. 2

        Exactly. See the mainframe OS’s and ancient systems the military runs for examples.

      3. 3

        All of them not designed with rigorous, security engineering will have plenty of holes. Anything without enough review that’s proprietary or FOSS will have holes that last a long time. This is yet another example of that. The downfall of this product’s good reputation for security started effectively when bad management and/or acquisition happened… not sure exactly which… that put sucking money out of customers way above investing into the product. Common end to otherwise well-design tech whose businesses succeed. Good it’s getting more scrutiny given that may force the new company to adopt some good mitigations.