Alright, I
admit it. I love OpenVMS clusters, I enjoy having a DECWindows session
and impressed by its Common Desktop Environment. Not only is it cool
to use Digital Command Lines but this Operating System survived the
DEFCON 9 CTF which proves to be one of the most secured operating systems.
Some OpenVMS clusters have programming languages like ADA, PASCAL, C,
MACRO-11, FORTRAN, BASIC, etc.
And because
of its security, there are some misconceptions like “you are anonymous
and safe when you login to a public OpenVMS cluster just because it
is secured”. But is it really the case? But the Internet itself is
not anonymous by definition but let’s not discuss about that anonymous
thingy since we are talking about OpenVMS clusters here. It’s just
like free Linux and Unix shell accounts, wherein your IP is also visible
by other users who are login to the cluster. Even guest and demo accounts
in public OpenVMS clusters, can issue the commands like 'SHOW USERS’
and ‘FINGER’. The user has also the option to list the specific
information of a certain user by typing the command “FINGER
USERNAME” which may show the IP, the real name, email address of the
user and also his last login.
I trust my
fellow users in public OpenVMS clusters but because there is a possibility
that some people who have malicious intentions will try to login in
a guest account that’s why I really don’t consider it as safe.
Thus, the rumors about OpenVMS clusters as being a private-user oriented
is not true but hey, it is still a secured operating system but that
also depends on the lock-down. My point here is that users should use
chain socks tunnels or VPN when logging in to SSH servers like shell
accounts and OpenVMS clusters just to be safe.
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.