![]() ![]()
The entire point of the fallacy is to counteract people’s instinct to suppress information. Obscurity has problems, always, even if it’s just an additional layer in your “defense in depth”. It’s the very opposite of what you suppose to understand. Wikipedia substantiates this, claiming experts advise that “obscurity should never be the only security mechanism”. The top rated comment makes the claim this fallacy means “if your only security is obscurity, it’s bad”. Eventually, these misconceptions displace the original concept in the community.Ī good demonstration is this discussion of the “security through obscurity fallacy”. ![]() Over time, they start to believe misconceptions about that topic that they never learned. People learn a topic only as far as they need to regurgitate the right answer on a certification test. Infosec is a largely non-technical field. By comparison, Windows and macOS are limited to the improvements that come directly from Microsoft and Apple.Read the original article: Cliché: Security through obscurity (yet again) Or they can keep those improvements for themselves. Since the code is open, people are free to make improvements and submit them back for other Linux users to benefit from. #Security through obscurity software#Department of Defense and the Chinese government, there are many parties invested in keeping the software secure. With organizations as varied and diverse as Google and IBM to the U.S. So why is Linux widely regarded as being a secure operating system? While this is partly due to the advantages of Unix-style design, Linux also benefits from the sheer number of people invested in its ecosystem. Again, as we sometimes see in government, public material can go ignored simply because it's boring. #Security through obscurity code#And just because many people can look at code doesn't mean that they do. It can take a while to discover quirks such as hitting the Backspace key 28 times to bypass the lockscreen. Sometimes bugs are so obscure that they go decades without detection, even though the software is in use by millions ( not to say this doesn't happen on Windows too). Sometimes it goes under the radar.īugs such as Heartbleed have shown us that security isn't guaranteed. When new legislation or executive orders are passed, sometimes journalists and law professionals scrutinize the material. Or can we? We can draw an easy parallel with government. ![]() ![]() And even when Microsoft does open up, it remains purposefully vague. What it does with that data, we don't know. Microsoft has ramped up its efforts to collect information on Windows users in order to further monetize its product. #Security through obscurity windows 10#The release of Windows 10 showed many users that unwanted behavior can come from the software itself. The thing is, sometimes the threat doesn't come from outside the operating system. Instead, they rely on secrecy as only the first layer of defense, slowing attackers down by making it harder for them to get information on the system they're looking to infiltrate. They aren't relying entirely on smoke and mirrors to keep bad guys away. Proprietary tech companies spend billions on making their software safe. Google rewards people who discover security flaws in Chrome, and it's hardly the only the only tech giant to use this tactic. Security Through Obscurity Can't Be the Only Solutionįortunately, this approach is only part of the defensive plan these companies take. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |