Frank Tegtmeyer wrote:
> Glenn R. Crownover wrote:
> > Just as an aside, the phrase "everyone else is using it"
> > could also be considered a downside when taking security
> > into consideration. The more something is used, the more
> > hackers know about it.
>
> When do people stop to make such statements? I would like to
> repeat my answer in the DNS thread - but I know it was a little
> bit rude.
>
> Security by obscurity is NO solution to security problems. It
> keeps people thinking they are secure when they really aren't.
The argument is not security through obscurity. The argument is
that attackers spend more time cracking a package that allows them to
exploit a larger number of hosts.
In the case of sendmail, it's also easier for attackers to spend
more time cracking a package that has a long and distinguished history of
security holes than one which has been reviewed and no integral holes were
found.
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
