|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Attn MCI/UUNet - Massive abuse from your network
** Reply to message from Brad Knowles <[email protected]> on Fri, 25 Jun 2004 18:14:43 +0200 > At 8:44 AM -0700 2004-06-25, Jeff Shultz wrote: > > > At least if someone in this "clearing house" sells it to the > > terrorists, they will have had to work for it a bit, instead of having > > us hand it to them on a silver platter, as the FCC seems to want. > > Not true. If the information is forced to be completely in the > open, then everyone knows it's not insecure and no one depends on the > fact that it was supposed to be kept secret. This is a case where > you are more secure the more open the information is -- indeed, as we > are in most cases, which is why we have the age-old security mantra > of "security through obscurity is not secure". > Do you realize that the basic element of security, the password, is based on the entire premise you just dismissed? And yet we still use them - and depend on the fact that they are supposed to be kept secret. The problem with being totally open about infrastructure is that there are some vulnerabilities that simply cannot or will not be fixed - wires sometimes have to run across bridges, redundant pumping stations are too expensive... in these cases is it not better to hide where these vulnerabilities are? The problem with your point is that even if the information is forced to be completely in the open, that is no guarantee that it will be fixed, and people _do_ depend on this stuff, regardless of its reliability or security. Do you really think that if we publish all the insecurities of the Internet infrastructure that anyone is gonna stop using it, or business, government, and private citizens are going to quit depending on it? Security through obscurity is not secure - but sometimes it's all you have. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
|