----- Original Message -----
From: "Heald, Tim" <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 4:28 pm
Subject: RE: Securing CF Apps.
> Why do I need someone to agree with me? I have my own mind. I
> can asses
> the objective reality of whether I feel something is useful to me.
> You
> should check out some Ayn Rand some time.
>
> --
> Timothy Heald
> Web Portfolio Manager
> Overseas Security Advisory Council
> U.S. Department of State
> 571.345.2319
>
> The opinions expressed here do not necessarily reflect those of
> the U.S.
> Department of State or any affiliated organization(s). Nor have these
> opinions been approved or sanctioned by these organizations. This
> e-mail is
> unclassified based on the definitions in E.O. 12958.
>
> -----Original Message-----
> From: Kwang Suh [EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 6:28 PM
> To: CF-Talk
> Subject: Re: Securing CF Apps.
>
>
> This is precisely why my security co-worker was so adament against
> obfuscation: absolutely no one can agree on its usage and usefulness.
>
> ----- Original Message -----
> From: Jochem van Dieten <[EMAIL PROTECTED]>
> Date: Tuesday, March 23, 2004 2:53 pm
> Subject: Re: Securing CF Apps.
>
> > Dave Watts wrote:
> > >> I used to work with a security/cryptology expert. His #1 rule:
> > >>
> > >> "Never, ever use obfuscation".
> > >
> > >
> > > While I wouldn't categorize myself as a security expert, much
> > less a
> > > cryptologist, I would disagree with this. At the very least,
> I'd
> > amend it to
> > > "Never, ever use obfuscation as your sole method of security."
> >
> > I would amend it differently:
> > "Never, ever use obfuscation if it adds complexity for yourself."
> >
> >
> > > There is nothing wrong with "security through obscurity", as
> > long as you
> > > don't rely on it as your only protection. I would draw an
> > analogy between
> > > computer security and getting shot at. When you're being shot
> > at, there are
> > > two sorts of protection you might resort to. You might take
> > cover by getting
> > > behind a solid object that can block fire. You might conceal
> > yourself behind
> > > something that would obscure you as a target. When you're
> > getting shot at,
> > > cover and concealment are both useful; concealment won't stop
> a
> > bullet, but
> > > it'll lessen the likelihood of people shooting in your
> > direction. Ideally,
> > > you want both cover and concealment, of course, if for no
> other
> > reason than
> > > to avoid the stress of being shot at.
> >
> > Unless you have cover by an object that will stop the small arms
> > fire from the other side, but at the same time so well concealed
> > your side doesn't see you and you die from 'friendly' fire when
> > your side bombs the opponent.
> >
> > Obfuscation can hurt the obfuscator, just like a firewall can
> > introduce a risk to an otherwise well protected computer.
> >
> > Jochem
> >
> > --
> > I don't get it
> > immigrants don't work
> > and steal our jobs
> > - Loesje
> >
> >
> >
> _____
>
>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
