Bugtraq mailing list archives

Re: Security through obscurity, etc.

From: rich () paris intertv com (Richard Forno)
Date: Tue, 13 Dec 1994 09:03:54 +0500


At least you can't use CERT's advisory to crack root on a site, and wipe
out important files; 8lgm's advisories were, and in fact are being used
for those purposes as well.
---- End Included Message ----

Well, I for one, as a net admin/COMPSECO would rather see HOW a cracker 
can get root on my machines, versus CERT saying "Well, they can, we know
how, and here's who to talk to to get the patch, but they won't tell you
the way it works."

CERT is good for announcements and industry-wide stuff, but I'd prefer
8lgm to CERT in terms of quality info and fixes. Besides, it's not like
the information is secret, people WILL find out. Why not post it early on
so's we can defend against such an attack? Information can be used for both
honorable and dishonorable purposes. Our task is to know the difference.

My two cents, flames send to /dev/null. :)

rf

Current thread:

Re: Security through obscurity, etc., (continued)
- - - Re: Security through obscurity, etc. jsz (Dec 13)
  - Re: Security through obscurity, etc. joshua geller (Dec 13)
  - No more religious wars please! (was Re: Security through obscurity, Christopher Samuel (Dec 13)
  - Re: Security through obscurity, etc. James M. Chacon (Dec 13)
    - Re: Security through obscurity, etc. Oliver Friedrichs (Dec 13)
    - Re: Security through obscurity, etc. Leo Bicknell (Dec 13)
    - Re: Security through obscurity, etc. Oliver Friedrichs (Dec 13)
    - Re: Security through obscurity, etc. Jim Littlefield (Dec 14)
  - Re: this is interesting... Paul 'Shag' Walmsley (Dec 13)
- Re: Security through obscurity, etc. David Miller (Dec 13)
- Re: Security through obscurity, etc. Richard Forno (Dec 12)
- Re: Security through obscurity, etc. der Mouse (Dec 16)