OpenVMS and Security

This was one of my favourite topics back in the day and given the current focus on hacking it’s starting to get my attention again. Just today I received an email from a transport organisation I use infrequently; apparently a 3rd party company they use to “manage” their customer communications database has been compromised. The good news is no financial information has been taken, the not so good news is they now have my name and email address (I look forward to some of the emails I’m going to get in the future).

At a personal level I’m pissed that an organisation I trusted has managed to give away some of my private information, at a professional level I’m both amazed and disgusted that yet another major organisation has been hacked, do these people never watch the news – Marks & Spencer, Jaguar Land Rover etc.

So what has this got to do with OpenVMS, well remember Kevin Mitnick, the infamous hacker who could never break into a properly managed OpenVMS system (note: properly managed). He was the best of his era and he couldn’t break OpenVMS. I also saw an article this week which highlighted the fact that the US Nuclear capability runs on “old” IBM equipment and is air gapped (new to me as well), making it much safer than more modern systems.

So what has this got to do with OpenVMS, well if I was an OpenVMS IT manager I’d be feeling pretty comfortable talking to my boss (assuming I’ve set the system up correctly) about hacking and 3rd party infiltration. The OpenVMS universe has always known about the security capabilities of the OS, maybe it’s time we shouted more loudly about them.