Steve Underwood wrote:
Steve Kennedy wrote:
On Sat, Oct 08, 2005 at 08:43:07PM +0300, Tzafrir Cohen wrote:
On Sat, Oct 08, 2005 at 11:59:04AM -0400, Mike M wrote:
On Sat, Oct 08, 2005 at 09:20:07AM -0400, Paul wrote:
Closed source might delay the cracker but it also delays pre-crack
and post-crack countermeasures.
What's the alternative? Open source? Cracking is unnecessary with
open
source.
Search a bit about "security by obscurity". Basically if the
security of
your system depends on a secret you can't easily change, it will get
exposed sooner or later. So you should design it to withstand such
leakage. E.g: change a password if it was exposed.
As this was related to Mastercard/Visa, they can allow open source,
however the software has to be certified to meet their security specs,
which may be harder to accomplish for open source.
It's not harder. It's just different. A number of things have similar
requirements. The ISDN4Linux folk have certain versions of their
software approved by the telecoms bodies in Europe. They need to tie
down exactly what was approved, so any other versions emit a notice
that says they are unapproved versions. They do this with a signature
on the approved version. It seems to work out OK.
Regards,
Steve
I think that the important thing to remember is that a good reverse
engineer can take the object code from a rom and produce source files
that are better commented than the original source ever was. I close my
source because it's mine and it's none of your business but I don't get
a false sense of security from doing that. There are people who
specialize in taking gate array chips apart in a very careful manner in
order to get the programmed logic patterns using a microscope. If I can
buy/build a good enough logic analyzer I can get what I need without
even powering down your product. So consider that if I can clone your
electronic key device, disassembling the binaries for your closed source
software is a minor obstacle.
_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
