RE: Secrecy foe scrubs data on Internet

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Fri Oct 12 2001 - 08:24:58 MDT


> Secrecy foe scrubs data on Internet
> http://www.msnbc.com/news/641578.asp
> Federation of American Scientists yanks 200 Web pages

This is why "security by obscurity" doesn't work. A safe is not very secure
if there is a trick to getting into it. A tank isn't very secure if it has
a vulnerable spot. An operating system isn't very secure if it has a
backdoor. Keeping these vulnerabilities secret is a very poor approach to
security. This is not really security, it is "obscurity".

Real security is when encryption algorithms are published and they still are
difficult to crack. Or when a safe is physically obtained and analyzed, and
it is still difficult to enter. Or when an operating system is known and
documented, and is still difficult to hack.

Anybody who hides information in the name of security is admitting that
their stuff probably isn't really secure and that anybody who finds out
about its vulnerabilities can get in.

--
Harvey Newstrom <www.HarveyNewstrom.com>
Principal Security Consultant, Newstaff Inc. <www.Newstaff.com>
Board of Directors, Extropy Institute <www.Extropy.org>
Cofounder, Pro-Act <www.ProgressAction.org>



This archive was generated by hypermail 2b30 : Sat May 11 2002 - 17:44:13 MDT