Bugtraq mailing list archives

Re: Security through obscurity, etc.


From: iceman () MBnet MB CA (Oliver Friedrichs)
Date: Tue, 13 Dec 1994 11:45:57 -0600 (CST)


On Tue, 13 Dec 1994, James M. Chacon wrote:

Wrong...I've used the information in CERT advisories to give me a good idea
where and what I'm looking for. I've "reverse-engineered" so to speak a fair
amount of CERT's announcements into actual problems I could show people around
here. All CERT's announcements do is delay the time people get to even know
a bug exists....I'm not really for the 8lgm concept completely, but at least
there they don't feel this overwhelming need to not hurt the various
manufacturers' feelings....

Poor comparison.  A script that guarantees root on a site is equal to a 
CERT advisory?  I don't know which advisories you're reading.  (send me one?).

The difference is too large to even argue about.  A CERT advisory doesn't 
give root to someone on any unprotected system on the Internet.  Perhaps 
1 in 10 people will figure out the problem; would you rather have 10 out 
of 10 people be guaranteed to?

Think about it.

- Oliver


