This thread has been locked
Ken M
Mountain climber
Los Angeles, Ca
On this, I agree with Reilly.
Why should the plots not be disclosed?
Because then still-unknown-plotters will know what things have been tried, and failed, and be searched for. We haven't had anyone try to smuggle explosives in their shoes after the fires, have we?
There is a tendency for relatively simple plotters to try the same things, thinking that they are being very original. They are not. Once those things are identified, they are generally easy to spot.
Relatively brilliant plotters are another matter, although they can fall into the same trap.
It is better that what is foiled is not disclosed.
NutAgain!
Trad climber
South Pasadena, CA
The problem with "security through obscurity" is that you assume the folks you are trying to hide it from don't have access to the info. Like, oh say, the vulnerabilities that NSA teams were working on for hacking its targets.
Information is power, but it is too difficult to control the flow of it when humans are involved.
So, it is a very brittle model. Inexperienced software developers often try to develop proprietary security mechanisms that they think are brilliant... and the typical failure mode is that it gets little review from smarter and more experienced people, and as such there are grievous errors embedded in the solution that smarter people exploit. Far better to have more eyeballs involved, and rely on the motivation of personal desire for fame/recognition/career-promotion that causes white-hat security people to call out the errors.
Either make it secure for real by the standards of a big collection of smart experienced people, and out in the open for all to vet, or just bury an abscess that the truly bad guys know how to find and exploit. It is hubris to assume that the folks on your side are smarter than the folks on the other side.
If you just want to go for an 80/20 approach to solving the problem (i.e. make 20% effort to get 80% of the security coverage), then sure, use obscurity and block the idiot criminals, but don't expect to stop the good ones too.
Ballo
Trad climber
Jan 11, 2018 - 11:24am PT
Second developer of WikiLeaks inspired submission system "SecureDrop", security expert James Dolan, aged 36, has tragically died. He is said to have committed suicide. The first, Aaron Swartz, is said to have taken his own life at age 26, after being persecuted by US prosecutors. https://twitter.com/wikileaks/status/950866357347905537