Date: Tue, 23 Apr 2002 09:49:53 -0600 (MDT)
From: "M. Warner Losh" <imp@village.org>
To: frank@exit.com
Cc: hackers@FreeBSD.ORG
Subject: Re: Security through obscurity?
Message-ID: <20020423.094953.13280392.imp@village.org>
In-Reply-To: <200204231523.g3NFNQnq029649@realtime.exit.com>
References: <Pine.NEB.3.96L.1020423110123.64976j-100000@fledge.watson.org> <200204231523.g3NFNQnq029649@realtime.exit.com>
: When you change defaults on a running system, you piss off a lot of users.
: Including me. :-)

When we fail to take reasonable steps to preclude intruders from gaining access to your system, we'd likely piss you off more if you knew about it :-(.

I'll also point out that years ago core created the security-officer to make FreeBSD more secure. One of the charges of the office was to make it more secure out of the box. Now that many generations of security officers have made FreeBSD more secure out of the box, you can't go shooting them for doing their job for years :-).

The decision to go for a more secure system by default was made years ago. I for one think the Security Officers have done a good job at doing this, but even as far as they have come, I suspect that additional things will be locked down over time. That's the nature of the threats to systems on the internet today. What was acceptable years ago now no longer is acceptable. The attackers are getting more and more sophisticated. The countermeasures for these attacks are necessarily becoming more intrusive as the same sorts of bugs raise their ugly head again and again.

BTW, none of this has anything to do with STO. STO is keeping the insecure software in place and relying on attackers to be too stupid to know what to do. That strategy has proven to be bad.

The ssh default that started this thread, btw, is stupid, but since I've stepped aside from the SO role, I'll let the current SO deal with it.

Warner