On Tue, Mar 24, 2009 at 5:23 PM, Benjamin April <ben_ap...@trendmicro.com>wrote:
> A layer of security is nothing more than a > time-delay device. Some layers provide more delay > than others. Very often the so called "security > theatre" provides a delay equal to the time spent > studying it for weaknesses. > > Security theatre and security by obscurity suffer > from the same weakness in that once the attacker > know what is going on behind the curtain the > benefit is negated. Either is a valid layer of > secruity IMHO, however it must be accepted that > once breached all value is lost. > Let's consider a terror attack. While this may be true for planner, the man actually carrying out the attack might not see things as clearly. While being under the stress of the attack, he might not have the clarity of mind to go through a check without looking very nervous and alerting the guard. Furthermore, if you accept that some security checks depend on the thoroughness of the guard, then when an attacker decides to face the guard, he is taking the chance that the guard will not be thorough. Under these circumstances, he might decide to attack a different place, with less chance of being stopped, even if it means less casualties. If you accept that, then you agree that even if the attacker knows about the security theater, it still prevents him from implementing his original attack. -- Imri Goldberg -------------------------------------- www.algorithm.co.il/blogs/ -------------------------------------- -- insert signature here ----
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
