[copied from a reply made to another member off-list]
>Then you are mistaken. Security through obscurity has long been
>repudiated by knowledgeable security folks, dating from colloquia of
>locksmiths and the debates about whether weaknesses in locks should
>be kept secret or shared among members of the trade.
My challenge is to define "members of the trade" here. We're not
talking about locks, but software, which by its very nature is easily
transportable and reconfigurable - and quite easy to duplicate by
anyone who has access to a computer and a floppy disk (or CD-RW drive
:-)). Also, if a hacker, by perusing the "open" architecture for a
security product, chances upon a flaw, then can we rely on him to
report the flaw to the producer, or will he more likely use it for his
own profit?
>You also seem to be misguided about "hackers." For the most part,
>for every clever person who finds a weakness and develops exploit
>code, there are tens of others -- pimply teenagers with delusions
>of grandeur -- who download the code and exercise it.
Precisely.
Brian