Bugtraq mailing list archives
Re: Security through obscurity, etc.
From: rich () paris intertv com (Richard Forno)
Date: Tue, 13 Dec 1994 09:03:54 +0500
At least you can't use CERT's advisory to crack root on a site, and wipe out important files; 8lgm's advisories were, and in fact are being used for those purposes as well. ---- End Included Message ---- Well, I for one, as a net admin/COMPSECO would rather see HOW a cracker can get root on my machines, versus CERT saying "Well, they can, we know how, and here's who to talk to to get the patch, but they won't tell you the way it works." CERT is good for announcements and industry-wide stuff, but I'd prefer 8lgm to CERT in terms of quality info and fixes. Besides, it's not like the information is secret, people WILL find out. Why not post it early on so's we can defend against such an attack? Information can be used for both honorable and dishonorable purposes. Our task is to know the difference. My two cents, flames send to /dev/null. :) rf
Current thread:
- Re: Security through obscurity, etc., (continued)
- Re: Security through obscurity, etc. jsz (Dec 13)
- Re: Security through obscurity, etc. joshua geller (Dec 13)
- No more religious wars please! (was Re: Security through obscurity, Christopher Samuel (Dec 13)
- Re: Security through obscurity, etc. James M. Chacon (Dec 13)
- Re: Security through obscurity, etc. Oliver Friedrichs (Dec 13)
- Re: Security through obscurity, etc. Leo Bicknell (Dec 13)
- Re: Security through obscurity, etc. Oliver Friedrichs (Dec 13)
- Re: Security through obscurity, etc. Jim Littlefield (Dec 14)
- Re: this is interesting... Paul 'Shag' Walmsley (Dec 13)