bot infected computers in the millions - robing businesses! - VMS


  1. bot infected computers in the millions - robing businesses!

    except the ones running vms ... it mentions power grids ... aren't
    most power grids on vms?

    http://www.cnn.com/2007/TECH/11/29/f...ets/index.html

  2. Re: bot infected computers in the millions - robing businesses!

    In article <30c84d39-2c76-487f-83d7-67af32d8b57f@x69g2000hsx.googlegroups.com>, ultradwc@gmail.com writes:
    > except the ones running vms ... it mentions power grids ... aren't
    > most power grids on vms?
    >
    > http://www.cnn.com/2007/TECH/11/29/f...ets/index.html


    I am not in a position to read that article, but SCADA/ICS (Industrial
    Control Systems) like those used in power grids are the entire focus
    of Revision 2 to NIST 800-53. A draft was released earlier this month
    and the final is due in December "out of cycle" from the normal 2 year
    gap between Revisions. In their defense, NIST points out that it only
    applies to SCADA/ICS whose operators have been crying for guidance with
    regard to NIST 800-53 in their environments.

    Of course NIST 800-53 only applies to US Federal operations - in the
    SCADA/ICS arena that would be things like the Tennessee Valley Authority
    for power distribution. But meanwhile, a private industry group has
    proposed some minor changes to their corresponding standard (whose
    designation I do not recall) and got a strongly worded comment from
    a couple of people at NIST pointing out how inadequate the power
    industry document is compared to 800-53. This concern about private
    power operators is being driven by the Department of Homeland Security.

  3. Re: bot infected computers in the millions - robing businesses!

    In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes:
    >
    >
    >In article <30c84d39-2c76-487f-83d7-67af32d8b57f@x69g2000hsx.googlegroups.com>, ultradwc@gmail.com writes:
    >> except the ones running vms ... it mentions power grids ... aren't
    >> most power grids on vms?
    >>
    >> http://www.cnn.com/2007/TECH/11/29/f...ets/index.html

    >
    >I am not in a position to read that article, but SCADA/ICS (Industrial
    >Control Systems) like those used in power grids are the entire focus
    >of Revision 2 to NIST 800-53. A draft was released earlier this month
    >and the final is due in December "out of cycle" from the normal 2 year
    >gap between Revisions. In their defense, NIST points out that it only
    >applies to SCADA/ICS whose operators have been crying for guidance with
    >regard to NIST 800-53 in their environments.
    >
    >Of course NIST 800-53 only applies to US Federal operations - in the
    >SCADA/ICS arena that would be things like the Tennessee Valley Authority
    >for power distribution. But meanwhile, a private industry group has
    >proposed some minor changes to their corresponding standard (whose
    >designation I do not recall) and got a strongly worded comment from
    >a couple of people at NIST pointing out how inadequate the power
    >industry document is compared to 800-53. This concern about private
    >power operators is being driven by the Department of Homeland Security.


    Interesting. I don't have the time to dig into these NIST documents
    and I'd wager others here do not either.

    Would you care to elaborate some of the guidelines in this document
    and point out where/how VMS addresses them whereas some other OS may
    not?

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  4. Re: bot infected computers in the millions - robing businesses!

    In article , VAXman- @SendSpamHere.ORG writes:

    > Interesting. I don't have the time to dig into these NIST documents
    > and I'd wager others here do not either.
    >
    > Would you care to elaborate some of the guidelines in this document
    > and point out where/how VMS addresses them whereas some other OS may
    > not?


    Right after you summarize the Bible or Koran (your choice) in an essay
    of 500 pages or more :-)

    Actually the question is not whether VMS is naturally secure, but how
    it can be secured and whether the agencies are measuring the extent to
    which their systems have been properly secured.

    Interpreting AC-6 (Least Privilege) on VMS leads me to say that very
    few files should be World Read (message of the day) and no file should
    be World Write. Perhaps there is a file that all authorized users of
    a production system should be allowed to modify, but only in certain
    fashions. That is properly done with Protected Subsystems on VMS.
    The question is, has a particular agency gone to the trouble.

    800-53 has a "compensating control" mechanism which allows an agency
    to explain why they don't need to comply with some part of the document.
    It should be obvious to readers here why the NIST requirement for a
    minimum password length is unsafe, particularly in the face of an
    operating system that can do better.
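
As an added example, not part of the original thread or any poster's code: a Python check that applies the AC-6 reading in the post above to a directory listing, reporting any World Write and any World Read that is not explicitly allowlisted. The listing lines, file names and the `world_read_allowed` parameter are constructed assumptions; the mask is assumed to be in system, owner, group, world order, or labelled `S:`/`O:`/`G:`/`W:`.

```python
import re

# "NAME.EXT;version  [optional owner]  (mask)" -- assumed listing layout.
LINE_RE = re.compile(r"^(\S+;\d+)\s+.*?\(([^)]*)\)\s*$")
CLASSES = ("system", "owner", "group", "world")
LABELS = {"S": "system", "O": "owner", "G": "group", "W": "world"}

def parse_mask(mask):
    """Return {'system': {...}, 'owner': {...}, 'group': {...}, 'world': {...}}."""
    fields = [f.strip().upper() for f in mask.split(",")]
    result = {cls: set() for cls in CLASSES}
    if any(":" in f for f in fields):
        # Labelled form: a bare "W" means "world, no access", not Write.
        for field in filter(None, fields):
            label, _, access = field.partition(":")
            if label[:1] not in LABELS:
                raise ValueError(f"unknown access class in {mask!r}")
            result[LABELS[label[:1]]] = set(access)
    else:
        if len(fields) != 4:
            raise ValueError(f"expected 4 access classes in {mask!r}")
        for cls, access in zip(CLASSES, fields):
            result[cls] = set(access)
    for access in result.values():
        if not access <= set("RWED"):
            raise ValueError(f"unexpected access letter in {mask!r}")
    return result

def audit(listing, world_read_allowed=()):
    """Return (file, finding) pairs for World Write and unlisted World Read."""
    allowed = {n.upper() for n in world_read_allowed}
    findings = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, totals
        name = m.group(1).upper()
        world = parse_mask(m.group(2))["world"]
        if "W" in world:
            findings.append((name, "world-write"))
        if "R" in world and name.split(";")[0] not in allowed:
            findings.append((name, "world-read"))
    return findings

# Constructed sample listing (not taken from a real system).
SAMPLE = """
MOTD.TXT;3        (RWED,RWED,RE,R)
PAYROLL.DAT;12    (RWED,RWED,R,)
SCRATCH.LOG;1     (RWED,RWED,RWED,RW)
CONFIG.INI;2      (S:RWED,O:RWED,G:RE,W:R)
"""
```

Calling `audit(SAMPLE, world_read_allowed=["MOTD.TXT"])` leaves the message-of-the-day file alone and reports the other world-accessible files.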

  5. Re: bot infected computers in the millions - robing businesses!

    In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes:
    >
    >
    >In article , VAXman- @SendSpamHere.ORG writes:
    >
    >> Interesting. I don't have the time to dig into these NIST documents
    >> and I'd wager others here do not either.
    >>
    >> Would you care to elaborate some of the guidelines in this document
    >> and point out where/how VMS addresses them whereas some other OS may
    >> not?

    >
    >Right after you summarize the Bible or Koran (your choice) in an essay
    >of 500 pages or more :-)


    I can sum them up in one word!

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  6. Re: bot infected computers in the millions - robing businesses!

    VAXman- wrote:
    > In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes:
    >
    >>
    >>In article , VAXman- @SendSpamHere.ORG writes:
    >>
    >>
    >>>Interesting. I don't have the time to dig into these NIST documents
    >>>and I'd wager others here do not either.
    >>>
    >>>Would you care to elaborate some of the guidelines in this document
    >>>and point out where/how VMS addresses them whereas some other OS may
    >>>not?

    >>
    >>Right after you summarize the Bible or Koran (your choice) in an essay
    >>of 500 pages or more :-)

    >
    >
    > I can sum them up in one word!
    >


    I could think of at least two words that might be applicable; one if you
    accepted childhood indoctrination and another if you rejected it. But I
    don't think there is any bridge over that particular chasm! ;-)

    "Coito ergo sum!" - Randall Garrett



  7. Re: bot infected computers in the millions - robing businesses!

    On Fri, 30 Nov 2007 07:05:58 -0800, Richard B. Gilbert
    wrote:

    > "Coito ergo sum!" - Randall Garrett
    >


    gee!

    --
    PL/I for OpenVMS
    www.kednos.com

  8. RE: bot infected computers in the millions - robing businesses!


    > -----Original Message-----
    > From: ultradwc@gmail.com [mailto:ultradwc@gmail.com]
    > Sent: November 29, 2007 3:49 PM
    > To: Info-VAX@Mvb.Saic.Com
    > Subject: bot infected computers in the millions - robing businesses!
    >
    > except the ones running vms ... it mentions power grids ... aren't
    > most power grids on vms?
    >
    > http://www.cnn.com/2007/TECH/11/29/f...ets/index.html


    Yes - many power grids are run by OpenVMS.

    Recent SCADA Windows to HP OpenVMS Integrity migration testimonial:
    http://www.vista-control.com/itanium_success.htm
    "Los Alamos, February 15th. 2007 After implementing mission-critical systems
    on Windows-based computers for many years, a customer experienced a virus in
    one of these systems that shut down production for two days while the infected
    systems were diagnosed, restored and tested. The impact was that plant
    production was severely impacted at no small cost. Despite internal opposition
    because of the established standard, Vsystem on HP Itanium servers running
    OpenVMS was chosen for the next system to be replaced." [see rest of article]

    Another recent SCADA article:

    QEI Provides Active/Active SCADA with OpenVMS: (September 2007)
    http://www.availabilitydigest.com/pu...s/0209/qei.pdf
    Extract:
    "QEI's current SCADA system, TDMS-PLUS (Total Distribution Management System),
    focuses on the monitoring and control of electrical power substations used for
    the distribution of power to electric utility customers and transit systems.
    Built on the highly reliable and secure HP OpenVMS platform, TDMS-PLUS provides
    extreme availabilities through the use of dual, triple, or quadruple active/active
    redundancy in disaster-tolerant configurations." [see rest of article]


    Regards

    Kerry Main
    Senior Consultant
    HP Services Canada
    Voice: 613-592-4660
    Fax: 613-591-4477
    kerryDOTmainAThpDOTcom
    (remove the DOT's and AT)

    OpenVMS - the secure, multi-site OS that just works.



  9. Re: bot infected computers in the millions - robing businesses!

    In article ,
    "Tom Linden" writes:
    > On Fri, 30 Nov 2007 07:05:58 -0800, Richard B. Gilbert
    > wrote:
    >
    >> "Coito ergo sum!" - Randall Garrett
    >>

    >
    > gee!
    >


    Does that really mean what I think it does? :-)

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    bill@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  10. Re: bot infected computers in the millions - robing businesses!

    Bill Gunshannon wrote:
    > In article ,
    > "Tom Linden" writes:
    >
    >>On Fri, 30 Nov 2007 07:05:58 -0800, Richard B. Gilbert
    >> wrote:
    >>
    >>
    >>>"Coito ergo sum!" - Randall Garrett
    >>>

    >>
    >>gee!
    >>

    >
    >
    > Does that really mean what I think it does? :-)
    >
    > bill
    >


    Yes it does. If I translated into the English crudity, we'd have to
    x-rate it! ;-)

