Bugtraq mailing list archives
RE: SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
From: woods () weird com (Greg A. Woods)
Date: Sat, 9 Jun 2001 11:21:33 -0400 (EDT)
[ On Thursday, June 7, 2001 at 11:47:06 (-0700), Andrew Gerweck wrote: ]
Subject: RE: SECURITY.NNOV: Netscape 4.7x Messanger user information retrival

Doesn't security by obscurity have some value?
Quite the opposite when it misleads people into a false sense of security.
I'm trying to avoid a flamewar by repeating: obscurity is not a good security policy. It is often useful to treat it as completely valueless. I'm simply suggesting that it's not valueless in all cases, and we understand unnecessary information disclosure to represent a security problem, instead of dismissing it.
It's only of value when its full implications are understood completely by those using it. Sometimes the best place to hide something *is* in plain view, but if you don't know that's what you're actually doing then you may not have hidden it properly at all.

-- 
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods () acm org> <woods () robohack ca>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>