Security & Such

I was interviewed last week by a Chicago computer magazine about network and host security. Most of it revolved around correcting the general misconceptions about all-too-evil hackers who are exploiting esoteric code to gain access to systems — the fact, of course, is most security breaches occur because of misconfigured or unpatched systems which are exploited by script-kiddies, or are the result of the deadly combination of Microsoft IE and Outlook. Anyway, the discussion of Security through Obscurity came up, and I was reminded of past attempts to achieve the same goal through the same means. The Pharaohs tried this tactic and killed their tomb builders to ensure security — didn’t work well in that scenario either. Perhaps we should follow and kill app developers so as to hide their secrets... One is about as silly as the other. Only by allowing source code to be reviewed and tested can real app security be a goal, because sooner or later someone will stumble across your tomb...

This entry was posted by steve on Tuesday, August 20th, 2002 at 10:37 pm and is filed under Internet.
