Jon Kibler wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anton Chuvakin wrote: >>> same answer: "I don't participate in security theater." I think this >> First, I am amazed how people so intelligent can hold opinions so >> shortsighted :-) > > I unquestionably stand by my assertion that PCI DSS is pure security > theater at its worst. Perhaps you do not understand the concept of > "security theater"?
Security theater does in fact have uses. Secrecy can be a strong line of defense and psychological barriers are in fact barriers, as we are dealing with human beings. So, security by obscurity is an extremely useful tool, the problem is when it is the only one, it then becomes a single, lonely, point of failure, and potentially a waste of resources (TSA). Naming misuse of Security by Obscurity "Security Theater" gives it negative connotations. It already had enough on its own. I'd be interested in how people implement it successfully, as obviously the way the industry just disses on it, is raising a generation of security professionals who don't understand secrecy or how human nature is manipulated positively, rather than just negatively. I don't see anyone here dissing on the underline concept of egress filtering just because most frak it up. Think for yourselves, people. Semi related, Imri and I wrote an article on how security theater can work, and how it in fact helps stop terrorist bombing in Israel. You can find it here: http://www.csoonline.com/article/468569/Sometimes_Security_Theater_Really_Works (URL may break, so: http://tinyurl.com/5u2qmq) Gadi. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
