


Security Through Obscurity Can't Be the Only Solution

Fortunately, this approach is only part of the defensive plan these companies take. Proprietary tech companies spend billions on making their software safe. Google rewards people who discover security flaws in Chrome, and it's hardly the only tech giant to use this tactic.

The New Hacker's Dictionary

A term applied by hackers to most OS vendors' favorite way of coping with security holes - namely, ignoring them, documenting neither any known holes nor the underlying security algorithms, trusting that nobody will find out about them and that people who do find out about them won't exploit them. [...] occasionally sets the world up for debacles like the [...] Great Worm), but once the brief moments of panic created by such events subside most vendors are all too willing to turn over and go back to [...] After all, actually fixing the bugs would siphon off the resources needed to implement the next user-interface frill on marketing's wish list - and besides, if they started fixing security bugs customers might begin to expect it and imagine that their warranties of merchantability gave them some sort of right to a system with fewer holes in it than a shotgunned Swiss cheese, and then where would we be?

Historical note: There are conflicting stories about the origin of [...] It has been claimed that it was first used in the Usenet [...] a campaign to get HP/Apollo to fix security problems in its Unix-clone Aegis/DomainOS (they didn't change a [...] ITS fans, on the other hand, say it was coined years earlier in opposition to the incredibly paranoid Multics people down the hall, for whom security was everything. In the ITS culture it referred to (1) the fact that by the time a tourist figured out how to make trouble he'd generally gotten over the urge to make it, because he felt part of the community; and (2) (self-mockingly) the poor coverage of the documentation and obscurity of [...] through obscurity is recorded; the command to allow patching the running ITS system (escape escape control-R) echoed as $$^D.

Freebase

Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them. A system may use security through obscurity as a defense in depth measure; while all known security vulnerabilities would be mitigated through other measures, public disclosure of products and versions in use makes them early targets for newly discovered vulnerabilities in those products and versions. An attacker's first step is usually information gathering; this step is delayed by security through obscurity. The technique stands in contrast with security by design and open security, although many real-world projects include elements of all strategies.

Security through obscurity has never achieved engineering acceptance as an approach to securing a system, as it contradicts the principle of "keeping it simple". The United States National Institute of Standards and Technology specifically recommends against security through obscurity in more than one document. Quoting from one, "System security should not depend on the secrecy of the implementation or its components."
