Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Was secreview crap - now OpenVMS!!

From: sys () lfod info
Date: Sat, 05 Jan 2008 01:12:03 +0100
Once a so-called security expert was pen-testing my VMS shop. We were 
having a nice chat while his eval version of GFI LANguard finished the 
scan, and got to talk about VMS. He didn't believe in the robust 
security of VMS and told me to do a search for vms on bugtraq, and see 
how many results came up.
So I did, and was horrified when I saw thousands of results... Until I 
noticed that the matched string in all the (barring perhaps 1 in 10000) 
results was "VMs"; not "VMS" or "vms".

(This was some years ago. The bugtraq search function's improved now.)

Randal T. Rioux wrote:

Valdis.Kletnieks () vt edu said:



Bonus points for knowing that VMS was mostly written in Bliss/32 or some 
such, and VM and MVS were a mixture of assembler and (later on) PL/S. 
No C knowledge needed for those critters...


OpenVMS is less than 40% Blissful... though I'm not familiar with the original source (wasn't it written on stone 
tablets?). About 50% is C, with a healthy mix of obsoletes making the difference. How something so elegant could be 
spawned from such chaos is beyond me.

Mostly, the VMS basic OS utilities are Bliss-based (think: GNU). 

I really wish HP would open OpenVMS before they kill it.

Security relevance: UNHACKABLE! <grin>

Randy



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: