Nothing ever gets exploited when access to the system to exploit is very expensive and restrictive in the first place.
The teams who ran the Iranian nuclear subterfuges would like to have a word with you. You might also find Wiley’s book Unauthorized Access on physical hacking relevant.
On the one hand, you’re right: that kind of stuff really only applies when you are a seriously high-value target. On the other hand, we’re talking about OpenVMS machines. Many of them are.
Nice, I know it’s not really a portmanteau word but it captures to reality perfectly!
Heh. That was a fun combo fo commenting on my phone over breakfast and forgetting to disable autocorrect, but I’m going to claim I did that on purpose.
Exactly. See the mainframe OS’s and ancient systems the military runs for examples.
All of them not designed with rigorous, security engineering will have plenty of holes. Anything without enough review that’s proprietary or FOSS will have holes that last a long time. This is yet another example of that. The downfall of this product’s good reputation for security started effectively when bad management and/or acquisition happened… not sure exactly which… that put sucking money out of customers way above investing into the product. Common end to otherwise well-design tech whose businesses succeed. Good it’s getting more scrutiny given that may force the new company to adopt some good mitigations.
Also posted yesterday as https://lobste.rs/s/8783gk/cve_2017_17482_openvms_security_notice