Slashdot Mirror
Why Chinese Hacking Is Only Part of the U.S. Security Problem
An anonymous reader writes "Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration,' argues a U.S. Air Force cyber security researcher. 'It is technological vulnerabilities that create the ability for actors to exploit the information system and gain illicit access to sensitive national security secrets, as the previous examples highlight. Yet software and hardware developers are not regulated in the same way as, say, the auto or pharmaceutical industries.' 'The truth is that we should no longer accept a patch/configuration management culture that promotes a laissez-faire approach to cyber security."
US security sucks? Now, now, there's no need to become all yoddle! After all, the US has been propagating that which is unseen to the foreign admissive. Why don't we all just get all along, and become brothers in rancid?
First off, demand that every software vendor provide a list of files that their product installs, where those files are installed by default and different checksums/hashes/etc for them.
It should be possible to boot a machine with a live CD (or PXE) and inventory every single file on that machine and identify the origin of each of them.
At least you'd know whether a machine was cracked or not.
Right now, with existing anti-virus, all you can say is that a machine does not have anything that matches the signatures that you have right now.
Start with designing operating systems that are secure and language enviromnments that are secure rather that feature rich marketing shows. Don't put the blame on the programmers that have to work with shoddy designed infrastructure. Change the infrastructure.
I find the summary to be quite myopic in terms of security -- it thinks that there's a technological solution for every security problem. In reality, as long as humans have access to data -- they can be deceived, tricked or otherwise made to inadvertently disclose said information to a third party. I doubt there will ever be a technological solution to address this 100% -- you can make walls and try to idiot-proof your network, but then you will discover that someone has invented a better idiot.
.....In an hour, you'll be hungry again.
The whole idea that China should be 'held responsible' for the hacking is just plain silly on it's face. Governments and private corporations have been spying on each other ever since the first cave man tried to keep a secret.
Can you imagine during the cold war of the US President went to Stalin and said "please stop spying on us"? Because that's exactly what's been suggested here.
sounds like an excuse to spend more money, on more stuff that they already have/don't need.
take a look at the IT/data security invested in the automotive/pharm industry, and then ask yourself, "well, why are they so secure?"
Do you expect medical professionals to be able to cure every disease and infection ever? Do you expect automotive engineers to be able to build mechanically perfect vehicles? No. Of course the attitude the majority of people take towards online security is a joke, but no more so than saying "Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration."
Cyber espionage, crime, and warfare exist through the same mechanisms that allow viruses to become resistant to treatment: adaptation. Systems can be designed to be harder to break, systems can't be made to be impenetrable. The language used in this article is just the same old IT-focused yellow journalism we've all come to expect on the subject.
That is: someone who actually argues that Chinese hacking is the entirety of the U.S. security problem?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
In mainstream corporations none of this is going to happen until security issues impact the bottom line. And then it will be corps typical approach, of addressing specific instances. The military too, Adobe and Windows are used all over the place.
. . .U.S. Air Force cyber security researcher. . .
So, is Captain Obvious and actual captain?
That is: someone who actually argues that Chinese hacking is the entirety of the U.S. security problem?
Yea - Sergei from totallylegitbankwebsite.ru
An enigma, wrapped in a riddle, shrouded in bacon and cheese
i am a cyber security student and i believe that this post has some relevance. too many software companies put out beta this and beta that. this gives people the opportunity to figure you out and find backdoors. if developers worked closer with security professionals i believe that there would definitely be a better approach to releasing software. i mean when they release a new pharmaceutical, we know the 2345623456345 side effects.
Cue the "But software is hard and we can't do it well" cries from the incompetent.
lies within people's curiosity on how to lose weight by learning this one secret tip. Yes. Dumb and fat.
Forget the arguments of "software - a non-regulated industry", that's noise. The reality is:
- Businesses: make hacking illegal and unload the cost to keep us secure to the govt; the businesses purpose is to make money not security
- Army: buddy, it worked for lulsec. But now you're on your own, we can't do it
Questions raise, answers kill. Raise questions to stay alive.
In one example I saw, the, um, mistake in security implementation was committed by a belarussian contractor who had a strong feeling against the U.S. oil interests in Georgia (Eastern Europe) and was working at a U.S. mega-corporation...
/.
Hiring certain political persuasions to do mission-critical work for mega-corporations is something I would look out for. I specifically mean hiring anti-U.S. personalities to perform work for U.S. infrastructure has its weaknesses.
When mega-corporations implement critical infrastructure (e.g. login credentials) they would be using sympathetic professional contractors, probably from the U.S., the U.K., France, Germany, Japan, Australia, New Zealand, Canda of course. Not BRIC. That's my 2c
Every piece of technology we use is made in China. And we're just now thinking about this??? Duh!!!
Karma: Bad
China or some other country or some domestic or international mafia. It would simply a disaster if the NSA data falls in the wrong hands. Given that all the financial institutions likely have backdoors, the NSA must have even that data freely available to them. Sickening to even imagine.
In light of recent discoveries, (PRISM, Verizon) who gives a crap what the Chinese do. We have massively bigger problems.
outsourcing lack of QA, golf course meetings, ect also plays a role even more so when IT is out of the loop and the PHB makes the calls.
NASA is the best in the world for bug-free software. NASA still has bugs in their software. Making people responsible for something that cannot be avoided is nonsense. Software security is not a solved problem. Mandating a certain approach to security is only going to slow down progress in finding better approaches, not to mention quadruple the cost of software development.
It is clear that they are talking specifically about technological vulnerabilities. Also, in the given context of a military/national security type of system, only trained personnel are allowed to access them. However imperfect, that's as good as it gets in terms of dealing with social engineering or the dumb-user problem.
Ever hear of Mata Hari?
http://en.wikipedia.org/wiki/Mata_Hari
It is clear that they are talking specifically about technological vulnerabilities. Also, in the given context of a military/national security type of system, only trained personnel are allowed to access them. However imperfect, that's as good as it gets in terms of dealing with social engineering or the dumb-user problem.
Ever hear of Mata Hari?
http://en.wikipedia.org/wiki/Mata_Hari
So a spy who lived before there were such things as computers, is your example of a social engineering attack against trained US military personnel who handle classified documents?
Planting a spy on the inside is not a social engineering attack. You do know that, right? And hackers within the borders of China are not members of the US military or employees of sensitive defense contractors or employees of companies designing critical infrastructure. You know that too, right?
I'll have to try that out sometime, just spouting some irrelevant BS that seems related in the vaguest possible way but doesn't actually have anything to do with the subject being discussed, and then acting like I really made a great point. I am curious how it feels to deceive oneself to that degree.
A thug with a crowbar in meat-space is no different than some hacker on the Internet with a SQL injection.
Automobiles, airplanes, nuclear power plants, bank vaults, and other physical constructions are regularly identified with security flaws or weaknesses.
You know how to hack an armored Humvee full of infantry? With an IED. Life is dangerous. So is the Internet.
Most people don't live in bunkers. We accept the risk that all types of horrible things can happen, and we worry not. Wood and brick houses are regularly leveled by Mother Nature. We could all live underground, but we don't (well, those of us no longer in our parent's basement). People in Florida, Oklahoma, and Kansas could invest in hardened building construction processes and rebuild after a storm with concrete and high tech alloys, but they don't. Wood houses replace the splinters of the last house a tornado shredded, and people move right back in. New Orleans flooded, and people moved back into the below-sea-level bowl.
Stop thinking in abstract, academic terms. Life isn't black & white. We live in shades of gray, where no position, method or object is absolutely secure.
Life is full of imperfections. Humans make mistakes. Entropy. Chaos. Envy. Greed. Hatred. Sh*t happens (aka Acts of God).
Computer security flaws are "surprising" only to the fools who think the world is safe. Given that technology has reduced the distance between tribes, we're all witness to see how friendly humankind really is, err, isn't.
If you've ever been on the wrong side of war, mugging, rape, or other acts of violence - even bullying - then you should know there are those among us that operate with an "eat or be eaten" mentality. Humans are still animals. That lock on your front door isn't going to stop thugs intent on a home invasion, because they're going to break through the window, or crowbar the door-jam, or cut through the vinyl siding, drywall and a few inches of insulation with a machete...
The Internet and air travel has rendered all of us so close, we're holding hands. Americans in close quarters with the Chinese, Russians, and Islamic radicals... Are we all singing Kumbayah? Umm, no. People are doing what people do...we compete, steal, destroy, oppress, deceive, and occasionally rain Hellfires from above.
Just wait until nano, bio, and robotics really take off. Some kid in India may unleash Pandora's Box with a super-flu that wipes out a few billion of us, and this article we're reading is worried about computer documents?
Computer security is a fad, like bank security in the wild west. Give it a few decades, and it's all OBE as we move on to the next thing. A vault by itself doesn't stop the enemy, just as a computer by itself isn't impregnable. At some point, you need force-on-force conflict to effectively defend what's yours from others.
Do you really think there won't be another Alexander, Attila, Genghis, Caesar, Cortez, or Hitler? Humans can be loving, but they can also be ruthless. Terrorists are out there trying to reboot civilization so they can have an easier grab at power. Through dissolution of the family model, worship of the dollar, competition for resources and all sorts of other factors that come with scaling society beyond a village, we're just as likely to collapse under our own weight than to get off this rock and cruise the galaxy.
Be happy each morning you read Slashdot you're not in a burning skyscraper hundreds of feet up in the air among people screaming, waiting for everything to collapse...thinking about how insecure a city is to stand up against a couple dozen knuckleheads who were willing to trade their lives for thousands.
Enjoy the days of Chinese farming American secrets in cyber space, breaking into digital vaults. What comes next won't be so fun.
No. Won't happen.
The only people who think this way are hard-core security types and highly structured personalities. Those people aren't in charge of the important parts of the software creation and delivery systems. Furthermore, there's no one 'in charge' of this. It's as meaningless as suggesting that the 'boss of the Internet should ban child pr0n'.
From the demand side: Companies and consumers would balk at paying for this and would chafe at the extended QA cycles, longer product delivery times, and the general bureaucracy required to implement.
From the supply side: The vast majority of the technical workforce would resist the structure, restrictions, certifications, education and general bureaucracy required to implement.
Imagine the organization required to implement this. What IT union or professional organization has the power and conceded authority needed? There are very few and none even have the dominant position needed to grow into this role.
What universally recognized educational organization, qualification, certifying authority, or standards body has the status? While there are many, none dominate. There isn't even one achieving 'First among equals' status!
Let's just throw out a few names as a starting point. IEEE, IETF, CERT, OASIS, NIST, SEI, ITIL, COBIT, ISO-20000, ACM, ISACA, W3C, NIST, COMMON, Apple, Microsoft, Oracle, SAP, IBM, FOSS, RMS. I've almost certainly missed a few. See any in there with the leadership status required? See any there that don't have giant flaws? I don't.
This proposal is a barn door and it's missing a horse.
Is hard to be secure when you exploit 0day holes without warning the vendor to make Stuxnet and similar ones, or if you force companies to leave holes for you to enter. Those two policies are incompatible with being secure.
Also, putting people with access to virtually all (even private communications of companies/individuals) adds an specially weak point in the security. If politicians are so easy to bribe, why shouldn't be fbi/nsa agents or middle management?
so... are people (and the chinese) sooo gullible to believe that all the info gathered by the chinese is real, and not planted FUD ?
Almost every company does not care about anything that no one notices. Their MBA's weigh the cost of building something secure against their perceived chance of a security breach (or the chance they won't be at a different company when a breach occurs) and rarely are willing to pay.
Outsourcing hurts security, and every big company does it. Why? because its cheap. You may argue about the knowledge level of the employees overseas, but that isn't the point. If you want it secure, you want your own employees working on it. You want your code local, not sent to people unknown overseas.
Almost every company is cheap in this respect, big and small... At one Fortune 100 company I used to work for (that I can say with near certainty that almost every single adult in the US knows), I had access to SSN's for every employee in my division (over 200 employees) even though I did not need or request them, and to make it worse, they were in plain text.
That same Fortune 100 company failed a PCI audit due to having entire credit card numbers in plain text (among other problems). We did not get any funding to start the encryption project until after the credit card organization started handing us daily fines. We asked for funding to encrypt the SSN's at the same time and were denied. We were only allowed to fix the issues to stop the fines.
At a different much smaller company (of roughly 1000 employees), their users' passwords were not even encrypted. They were stored by reversing the sequence and a process similar to ROT-13. It was so bad, if I was looking at the database, I would be able to "decrypt" over 90% of them in my head. The scary thing... I was working for a credit card issuer (one you probably have NOT heard of) and the system was used for managing corporate credit cards including setting limits and issuing new cards (and the system was designed for public internet access used by many fortune 500 clients).
While I was there, there was a large redesign to the entire process. It was upgraded to allow automated password resets, forced password aging, and a new UI. We (the developers) requested to change the back end storage and were flatly denied.
To make matters worse, they wanted us to remove the ability to allow special characters. The reason? Corporate politics. A newer system (with more funding and better liked by the corp execs) did not allow special characters and we couldn't let our (un-liked, but more used) system be better. We were able to get a corporate security person to not have us forced to drop special characters, but we were not allowed to tell the users that we allow them. (I was already looking for a new job when this happened, and this made me redouble my efforts.)
The examples just prove corporations want to nickle and dime everything and only pay for the bare minimum. In addition management rarely understand tech (even in some so-called tech companies,) and you see why they would rather hire cheap programmers instead of quality programmers.
Until they are willing to pay for security they will not be secure. And now it seems that the worse thing that happens after a breach they pay for a year of "id theft monitoring." A year of monitoring if they get caught compared to paying for quality software development -- Which do you think most companies choose?
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
So, they regulate a software manufacturer to the point where very little in the way of features are getting accomplished in lieu of focusing on security fixes. Costs skyrocket for made-in-the-u.s.-absolutely-secure-software, meanwhile software made in India, Russia, China, etc. aren't beholden to the same regulations. Their software is cheaper, done sooner, and has all the features customers need. Software firms beholden to the regulations die off in droves. Problem solved, right?
The pharmaceutical industries have a lot of rules and procedures that need to be followed, to minimize risk to patients, and these rules are largely effective (sure, not completely, but killer drugs are pretty rare). The idea of 'release it now and fix it later' would never be tolerated in the pharmaceutical industry. Why can't the software industry aspire to similar safety standards? The idea that it is impossible to write perfectly secure code, where does that come from? Is that really true?
Stasis is death. Embrace change.
It's not outsourcing, developers, lazy users, the Chinese or any other of the above mentioned causes that are at the root here. The root cause is the operating systems we all run aren't secure by design.
Linux, OS_X, Windows, Android, and all the phones run systems which are based on the idea of users who can be trusted. This is a great idea for computer science departments of the 1970s, prior to wide scale networking and mobile code. The idea is just stupid in todays environment, and has just lead to a ton of patches over a ship made of sponge.
Capability based security reverse the bad assumption that you should base everything on trusting (or not) the user. The user isn't the problem. The software the user uses should be the problem, and focus of attention. Linux, OS_X, Windows, Android, etc. ALL trust a program with the resources of the user in question, which is NUTS (and has been quite a foolish thing to do since 1980)
The Genode project is working to bring a full-on capabilities based system together on top of an L4 secure kernel. In this OS, the user selects the resources to make available to the program at run time. This is better than App_Armor in that it's more flexible, and easier to work with. The best part is that capabilities already match the way we deal with non-computer based parts of our life.
Owe someone $15? You had them a $20, and they give you $5 back. The $20 bill was a capability, and the maximum you could lose. They can't trojan horse your money, and steal the rest out later.
Want to let someone borrow your car? You hand them the keys, and it gets them into your car... not all cars of that model, not your house, not your bank account. It's a capability, which accesses that one resource, not all of them.
Capabilities offer a way to fix computer security for good if enough people "get it" and push for its adoption.
The US Government is spying on it's citizens and most likely corporations and their secrets as well. Now that they have all this information collected, foreign 'hacker's be they state sponsored or otherwise can find more juicy information without needing to compromise as many systems. They are able to better target their attacks at systems that are ripe with collected data. Am I wrong?
That is: someone who actually argues that Chinese hacking is the entirety of the U.S. security problem?
Yes. In the same way that US govt hacking Chinese govt/military computers is entirely a Chinese security problem.
Similarly that US govt hacking Russian govt computers is entirely a Russian security problem. And similarly that Russian govt hacking British govt computers is entirely a British security problem. etc, etc.
Only Americans would think they can get a free pass because they are the US.
If you were including Chinese individuals (non-state), then it should be treated as any other criminal activities. Non-state individuals from around the world hacking US govt/military computers is STILL entirely a US security problem. Same with Russian, British, Chinese, etc.
Obama will attempt Blackmail on Chinese General Secretary of the Communist Party of China, i.e. President, Xi in exchange for 1 Trillion dollars ! Obama has a taste for money, like his tastes for male prostitutes and children prostitutes.
Part of the summary:
"Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration,' argues a U.S. Air Force cyber security researcher. 'It is technological vulnerabilities that create the ability for actors to exploit the information system and gain illicit access to sensitive national security secrets, as the previous examples highlight.
It is clear that they are talking specifically about technological vulnerabilities. Also, in the given context of a military/national security type of system, only trained personnel are allowed to access them. However imperfect, that's as good as it gets in terms of dealing with social engineering or the dumb-user problem.
This isn't a corporate or customer environment they're talking about here. That might be all that you know, but it is not all that there is. These users are unlikely to mistake the CD-ROM for a cupholder. They aren't going to think an unfortunate Nigerian prince really needs their top-secret national security documents to transfer his money out of the country.
Please make the slight effort to comprehend what you read and to understand its context. The discussion is so much smoother that way.
I wish you could work with the "trained" personnel who operate some of our most important systems. Not only are many of them decidedly untrained but the culture enforced by military doctrine does not lend itself well to innovative or intelligent thinking. They just want people who will do the same thing consistently for years, regardless of if it is right or wrong. There are too many very complicated systems and not enough intelligent or highly trained people to get anywhere near close to manning all of them.
Planting a spy on the inside is not a social engineering attack.
Actually, yes, it is.
If the problem was a simple one to solve, we'd do it. I agree that software used by the military that puts lives at risk should be seriously vetted and rigorously controlled just like car designs and other the other devices he cites that can hurt people if faulty. But most other software is about making money with little to no risk of physical injury. Speed to market, flexibility, and risk acceptance makes trillions more dollars than the oft quoted but never substantiated billions in IP supposed lost (Who has billions USD to lose except publicly traded companies, and where are the disclosures?).
I'm not saying that rugged development and other security practices shouldn't be followed, but to suggest that we even could or should regulate the industry to protect it from perceived and unsubstantiated claims is nothing more than using FUD to support a security aesthetic position.
Server software that is very, very secure is possible. Look at, e.g. postfix, openssh, apache w/o modules, etc. It costs more, but the real issue is it has to be designed and implemented by people with strong secure software engineering skills. Today, secure software engineering is still rarely taught, and almost never as mandatory subject. As long as that continues, most software will suck security-wise, as secure software engineering requires a quite different mind-set from ordinary software engineering. It is however quite clear how to do it today. Techniques like privilege-separation, marking and tagging, secure containers, full input validation, etc. are well understood and cause massive increases in the difficulty to hack a system and can make it impossible. The problem is just that they are not used because so few people understand them.
My proposal: Make secure software engineering courses mandatory for any SW-Engineering and CompSci qualification. Then add high liability risks for all those that do not use these techniques to force management into abandonning shoddy practices.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
True, almost all software produced has quite a few security holes. I just fixed some security holes in online classes that - cybersecurity. These are courses put out by a well known government agency that specializes in safety and security, but that agency doesn't come close to securing it's own systems.
HOWEVER our buildings are also quite vulnerable to Chinese missiles. We haven't secured our shopping centers, our sports stadiums, or our power plants. China could very easily wipe out any of them. Does that mean we'd accept it if they did? If China shot down a US airliner would we say "eh, it's our own fault for not securing our airspace"? Of course not. We'd hold China accountable, very quickly. Probably within a matter of hours. That's the biggest failing - we've chosen to sit down and allow China to attack us for the last several years, with no real response from us.
Anyone can easily kick in the front door of your house. If they do so, we don't blame the victim for not having a six inch thick steel door. We throw the assailant in the slammer.
Probably, our software will never be secure for the same reasons our houses won't be secure - because security is HARD. It's much easier to break something than to build something. Building something that can't be broken is almost impossible. To be competent at software security takes about six years of training for a typical corporate programmer, one who doesn't really understand software engineering as a science. An otherwise skilled programmer could learn to make his good software into fairly secure software in three years. That's about, what an extra $40k - $60k per year for a programmer with several years worth of extra education / training. How many organizations are willing to pay that cost for secure systems?
I have fifteen YEARS of experience in software security, but no one is offering me a job that pays a reasonable salary, not when they can instead hire an idiot for $40K to create a heaping pile of garbage that mostly "works", for a year or two until he's in a different position.
I am a geek so, yesterday's revelations did not surprise me, because this kinda bullshit has gone for years now and I assumed all of the "hulla-balloo" that went viral were from people that have never gone on the internet or used a cell phone or have not taken a high school history course or have any knowledge of WW II. The buzz created yesterday was quite un-nerving to me because I never assumed that so many people were oblivious to this. I.T students run sortware, (I would imagine) like PRISM for learning networking purposes and I still use diagnostic tools that is open-source. I can see why people are so outraged beacause at the government does not help matter's given the verbage ie:(cyber-attacker/ national security) if I did not know binary..would comming off like and the So many I could not imagine life without the use of phones, computers and the internet and how my day which and how that how it relates same token I can how adversely see how So much of today's and how that can alter peoples .Cell Phoes l
ivelyhood, freedom ..
Anything engineered has potential by man can also be reverse-engineered by man I wished to God, people ...it is just the way it is If only people could understand
It is so un-nerving to me as to how un-educated people are and how sc am so bothered that is quite bothersome to me as to the l am a little unnerved Without getting dramatic Artificial Intelligence goes both ways and can altel help people relieze understand how many levels the "big picture". ( as to what the security, privacy, economic landscape year 2013 and h
Poor application doesn't come from lack of familiarity of poor training, however. It comes from tools which do not adequately expose functionality to the end users. Every time a tech argues "but technology X can do this you just need to learn how to do Y", he is dropping the ball. This argument was only appropriate when interfaces were limited by technological capacities (first due to being done in hardware such radio nobs and then due to lack computing power to do both interfaces and main application logic in software). Given the amount of computing power available today, inability to expose concepts to end users is 100% tech's fault. This goes not only for concepts exposed to consumers. This goes for tech produced for techs as well. Anyone who even thinks that a computer language should not be responsible for exposing hardware capacities in a way that does not tax anyone's attention span should be ashamed to even think about the subject and they should be much more ashamed of voicing their opinion on the subject. Dropping the ball on UX at every level of technology, given the capabilities of the modern technology, is why security features don't get properly used. They are not adequately exposed to the users. Cats can use ipads. Humans can use any technology if its interface is not designed by amateurs or hacks.
Any guest worker system is indistinguishable from indentured servitude.
When the DoD (that would be Dept. of Defense for the dummies who regularly read this site) issues the top security level (O-Ring) to Micro$oft's operating systems, and MS hands over their OS source code to the Chinese gov't, could be a major cause of the problem. Another major cause would be offshoring all those jobs to China --- offshoring all that technology to China --- offshoring all that investment to China (instead of corporate amerika amortizing into their country from which they are based, and should be expelled); said actions render this article posting completely ludicrous, written by a member of the species, ignoramus americanus!
. . .as I mention in a later comment, if all those tech jobs, technology and investment have been shipped to China, this would be the likely result, with generations of American students/workers rendered almost obsolete in their pursuit of IT employment.
Equating cyber to buildings is in no way equivalent in this analogy. Cyber is a much easier and effective means of breaching and compromising the US. Btw, the proposition that was voiced also solved your other issue of eliminating all the yahoos that entered into the IT field for the purpose of a "good salary" as there would be a higher expectation for performance on those remaining in the field. Yes it could potentially slow down the delivery of capabilities to customers potentially, but it would also shift the basis of software delivery from "get it out there because its 80%, no 70%, no wait 60% is good enough approach", to delivering a reasonable and responsible product. Other good news from this approach is that we may and up with a Microsoft product that ISN'T delivered with a promise that the issues of the prior version which were set to be resolved this version, will "really" be resolved in the next version. ;-) @IE
That's because my fellow Americans are greedy, lazy fucks. Step up niggas
Hackers did not not want develop on closed systems like DEC VMS with its deep levels of security. That was very painful for the few months i had to wrok with that. Now we are paying for this.