Installing a compiler by default
Shawn McMahon
smcmahon at eiv.com
Tue Jun 13 20:07:23 BST 2006
On Tue, Jun 13, 2006 at 01:30:01PM -0400, Lee Revell said:
>
> But security measures that do not increase security actually make the
> system less secure, as it gives a false sense of security.
Non-sequiter. This one does increase security. You're mistaking
"doesn't provide absolute security all by itself" for "has no effect
whatsoever on security". A hammer does not provide a toolbox, but a
toolbox without a hammer is a poor toolbox.
> By your logic, security by obscurity is a valid defense.
Yes; it's yet another tool. Ever heard of "information leakage"? It's
a broad term for a common class of security bugs. Fixing them is
security by obscurity. If you ask me my Social Security Number in this
thread, and I refuse to respond by telling you what it is, I'm
practicing security by obscurity. Would you agree that this doesn't
decrease my security by giving me a false sense of security?
--
Shawn McMahon | "I can see the light at the end of the tunnel.
EIV Consulting | And now that I have some light, I can see the
http://www.eiv.com | tunnel needs painting too." - Steve Jackson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/sounder/attachments/20060613/d3f14fb5/attachment.pgp
More information about the sounder
mailing list