Re: Security through obscurity, etc.

Oliver Friedrichs (iceman@MBnet.MB.CA)
Tue, 13 Dec 1994 11:45:57 -0600 (CST)

On Tue, 13 Dec 1994, James M. Chacon wrote:

> Wrong...I've used the information in CERT advisories to give me a good idea
> where and what I'm looking for. I've "reverse-engineered" so to speak a fair
> amount of CERT's announcements into actual problems I could show people around
> here. All CERT's announcements do is delay the time people get to even know
> a bug exists....I'm not really for the 8lgm concept completely, but at least
> there they don't feel this overwhelming need to not hurt the various
> manufacturers' feelings....

Poor comparison.  A script that guarantees root on a site is equal to a 
CERT advisory?  I don't know which advisories you're reading.  (send me one?).

The difference is too large to even argue about.  A CERT advisory doesn't 
give root to someone on any unprotected system on the Internet.  Perhaps 
1 in 10 people will figure out the problem; would you rather have 10 out 
of 10 people be guaranteed to?

Think about it.

- Oliver