This is precisely why my security co-worker was so adamant against obfuscation: absolutely no one can agree on its usage and usefulness.
----- Original Message -----
From: Jochem van Dieten <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 2:53 pm
Subject: Re: Securing CF Apps.
> Dave Watts wrote:
> >> I used to work with a security/cryptology expert. His #1 rule:
> >>
> >> "Never, ever use obfuscation".
> >
> >
> > While I wouldn't categorize myself as a security expert, much less a
> > cryptologist, I would disagree with this. At the very least, I'd amend it to
> > "Never, ever use obfuscation as your sole method of security."
>
> I would amend it differently:
> "Never, ever use obfuscation if it adds complexity for yourself."
>
>
> > There is nothing wrong with "security through obscurity", as long as you
> > don't rely on it as your only protection. I would draw an analogy between
> > computer security and getting shot at. When you're being shot at, there are
> > two sorts of protection you might resort to. You might take cover by getting
> > behind a solid object that can block fire. You might conceal yourself behind
> > something that would obscure you as a target. When you're getting shot at,
> > cover and concealment are both useful; concealment won't stop a bullet, but
> > it'll lessen the likelihood of people shooting in your direction. Ideally,
> > you want both cover and concealment, of course, if for no other reason than
> > to avoid the stress of being shot at.
>
> Unless you have cover by an object that will stop the small arms
> fire from the other side, but at the same time so well concealed
> your side doesn't see you and you die from 'friendly' fire when
> your side bombs the opponent.
>
> Obfuscation can hurt the obfuscator, just like a firewall can
> introduce a risk to an otherwise well protected computer.
>
> Jochem
>
> --
> I don't get it
> immigrants don't work
> and steal our jobs
> - Loesje
>
>
>