Full Disclosure mailing list archives

Re: "security by obscurity"

From: Niels Bakker <niels=netsys () bakker net>
Date: Sun, 8 Dec 2002 16:30:08 +0100

* SkyLined () edup tudelft nl (Berend-Jan Wever) [Sun 08 Dec 2002, 06:08 CET]:

Hmmmm...
... isn't hiding your root password security through obscurity ?
... isn't hiding your private PGP key security through obscurity ?
... isn't 90% of security based on these kinds of obscurity ?


No.  You are confusing risks, vulnerabilities and threats.  The
application of "security through obscurity" to your root password would
be not having one and allowing root logins over the network, meanwhile
hoping that nobody will try to log in as root.


        -- Niels.

-- 
"War is God's way of teaching Americans geography."
                -- Ambrose Bierce, writer (1842-1914)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

UN support for "security by obscurity" Richard M. Smith (Dec 06)
- Re: UN support for "security by obscurity" Brian Hatch (Dec 06)
  - Re: UN support for "security by obscurity" Rick Updegrove (Dec 07)
    - *Including* Security through obscurity measures is good. Brian Hatch (Dec 08)
- Re: UN support for "security by obscurity" Georgi Guninski (Dec 07)
  - Re: UN support for "security by obscurity" Michal Zalewski (Dec 07)
- Re: UN support for "security by obscurity" Brian McWilliams (Dec 07)
  - "security by obscurity" Berend-Jan Wever (Dec 07)
    - Re: "security by obscurity" Niels Bakker (Dec 08)
    - Re: "security by obscurity" Georgi Guninski (Dec 09)
    - Re: "security by obscurity" Roland Postle (Dec 09)
- <Possible follow-ups>
- RE: UN support for "security by obscurity" Schmehl, Paul L (Dec 07)