[rescue] oVMS vuln

John Floren john at jfloren.net
Wed Feb 7 17:48:41 CST 2018

On Wed, Feb 7, 2018 at 1:52 PM, Bill Bradford <mrbill at mrbill.net> wrote:
> oops.
> https://www.theregister.co.uk/2018/02/06/openvms_vulnerability/

"Since OpenVMS installations tend to only grant access to trusted staff[...]"

Or, in the case of my alma mater until a few years ago, the entire
student body...

That would have been a fun one to know about back in the day. For
starters, I could have kicked off all the rest of the buggers who were
trying to register for classes, ensuring I could get my desired
classes myself.

(This wasn't 1989, this was RIT from 2005 to 2010. They had IIRC 4
vaxen and 4 Alpha boxes running VMS in a cluster. You'd pick one, log
in, then run the program which connected you to the *offsite class
registration mainframe*. The other options for class registration were
an automated phone system and a perpetually-overloaded web site, so
"the VAX" as people called it was still the fastest option. Most of
the other university IT facilities were quite good, honest; for
instance, even the residence halls got routable IPv4 addresses with
only incoming port 25 filtered)


More information about the rescue mailing list