[ On Thursday, June 7, 2001 at 11:47:06 (-0700), Andrew Gerweck wrote: ]
> Subject: RE: SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
>
> Doesn't security by obscurity have some value?

Quite the opposite when it misleads people into a false sense of security.

> I'm trying to avoid a flamewar by repeating: obscurity is not a good
> security policy. It is often useful to treat it as completely
> valueless. I'm simply suggesting that it's not valueless in all
> cases, and we understand unnecessary information disclosure to
> represent a security problem, instead of dismissing it.

It's only of value when its full implications are understood completely
by those using it. Sometimes the best place to hide something *is* in
plain view, but if you don't know that's what you're actually doing then
you may not have hidden it properly at all.

--
Greg A. Woods

+1 416 218-0098 VE3TCP <gwoodsat_private> <woodsat_private>
Planix, Inc. <woodsat_private>; Secrets of the Weird <woodsat_private>