Date: Wed, 9 Jul 2008 11:33:25 -0700
From: Chris Palmer <chris@noncombatant.org>
To: Wesley Shields <wxs@FreeBSD.org>, freebsd-security@freebsd.org
Subject: Re: BIND update?
Message-ID: <20080709183325.GE55473@noncombatant.org>
In-Reply-To: <20080709181515.GG92109@atarininja.org>
References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com>
 <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org>
 <17cd1fbe0807090909i566e1789s6b7b61bf82dd333e@mail.gmail.com>
 <4874ECDA.60202@elvandar.org>
 <4874F149.1040101@FreeBSD.org>
 <17cd1fbe0807091027n6af312cbwab3d3277f2b5e081@mail.gmail.com>
 <20080709181515.GG92109@atarininja.org>

Wesley Shields writes:

> In the security world there is a balance which must be maintained between
> providing information to consumers so that they may plan accordingly, and
> not providing too much information so that the attackers can write
> exploits; this is the sensitive nature of the information which often
> leads to opaque processes by security teams around the world.

http://en.wikipedia.org/wiki/Kerckhoffs'_principle

Malware authors create exploits based on information they gleaned by
reverse engineering the binary patches released by Microsoft. They are able
to get these exploits into the wild before everyone has even had a chance to
apply the patches, even though the patching is (semi-)automated.

Not only is there no security through obscurity, there isn't even any
obscurity. :)