Installing a compiler by default
Lee Revell
rlrevell at joe-job.com
Tue Jun 13 20:21:40 BST 2006
On Tue, 2006-06-13 at 15:07 -0400, Shawn McMahon wrote:
> Yes; it's yet another tool. Ever heard of "information leakage"?
> It's a broad term for a common class of security bugs. Fixing them is
> security by obscurity. If you ask me my Social Security Number in
> this thread, and I refuse to respond by telling you what it is, I'm
> practicing security by obscurity. Would you agree that this doesn't
> decrease my security by giving me a false sense of security?

A more apt analogy would be if your SSN is posted somewhere on the net
such that I can trivially Google it, but you don't know that. Then I
would argue that yes, you are less secure because you think the
information is secret but it's not, so you don't take any
countermeasures like monitoring your credit report.

(Of course what's really insane is that an SSN, which many states use as
your driver's license number and colleges use for a student ID, is
essentially the password to steal your identity, but that's another
thread.)

Anyway, this is interesting. I was under the impression that there was a
consensus among security experts that security by obscurity is
ineffective. But googling a bit, I see that there is some controversy in
this area.

Lee