[opensource] Re: [opensource-announce] Meeting Announcement: 10/24/06 - This Week in Slashdot!

Alexander J. Lingo lingo.13 at osu.edu
Mon Oct 23 23:35:52 EDT 2006


On 10/23/06, BRIAN SWANEY <swaney.29 at osu.edu> wrote:
>
> Actually, I didn't mean only by obscurity. I loaded Linux for a piece of
> security. That doesn't mean that I'm going to go around and download junk
> until my hard drive crashes assuming that Linux is "invincible" because I'm
> sure someone out there has malware that works on it (God help me if I come
> across that; I have enough problems understanding how everything works).
> Man, that was a run-on sentence! If I could find some sort of anti-virus for
> Linux, I'd probably use it. I am just that type of paranoid freak that
> combines whatever security methods he can wrap his ethernet cable around.


Being security conscious is always a good thing. But changing the hostname
(the name of the computer) is not a significant upgrade in security.

Try Clam AntiVirus (http://www.clamav.net/) + ClamTk (
http://sourceforge.net/projects/clamtk/).

Also, if the content of your message could be useful to anyone else on the
list, please be sure to also send it to the list.

-- alex


-Brian Swaney
>
> ----- Original Message -----
> From: "Alexander J. Lingo" <lingo.13 at osu.edu>
> Date: Monday, October 23, 2006 11:18 pm
> Subject: Re: [opensource] Re: [opensource-announce] Meeting Announcement:
> 10/24/06 - This Week in Slashdot!
>
> > Now, Now... Let's be nice to Brian. He's new here.
> >
> > What Nick is saying is that the security practice known as
> > "security through
> > obscurity" (StO) is a bad idea. I agree with him.
> >
> > As Wikipedia states, "A system relying on security through
> > obscurity may
> > have theoretical or actual security vulnerabilities, but its owners or
> > designers believe that the flaws are not known, and that attackers are
> > unlikely to find them."
> >
> > Basically, StO is the idea that if one does not know about a systems
> > vulnerabilities or flaws, they they are not really flaws. This is a
> > bad idea
> > in practice because once the flaws are discovered, then they can be
> > exploited. It is much better to have real security and assume that
> > all flaws
> > are known and fix them before they are actually discovered.
> >
> > An example is the lock-core system used in dorms I mentioned
> > earlier. OSU
> > may assume that dorm rooms are secure because nobody knows about
> > the flaw I
> > mentioned. That is security through obscurity. What OSU should do is
> > actually fix the problem instead of assuming it is A-OK.
> >
> > -- alex
> >
> > On 10/23/06, Nick Hurley <hurley at todesschaf.org> wrote:
> > >
> > > BRIAN SWANEY <swaney.29 at osu.edu> writes:
> > > > Oh yes, about the computer, it should probably have a name that
> > > > doesn't really make sense, like a set of randomly generated
> > letters> > and numbers (like dx2Rh86FwP), so black-hat outsiders
> > don't know what
> > > > system name to look for.
> > >
> > > Normally I wouldn't bother replying, but this just tweaked my
> > radar so
> > > much that I have to...
> > >
> > > I REALLY hope this was a joke, since it amounts to security through
> > > obscurity (and it's not even really obscure, just convoluted),
> > which,> as anyone with any security practice knows, is as good as
> > worthless. If
> > > it's not a joke, then just... wow. That's probably a little
> > unkind of me
> > > to say, but I feel it's better to be a little unkind and educate
> > others> than to be kind and let people continue with misguided (and
> > dangerous)> misconceptions.
> > > --
> > > Peace,
> > >   Nick
> > >
> > >    Miss Wormwood: What state do you live in?
> > >    Calvin: Denial.
> > >    Miss Wormwood: I don't suppose I can argue with that...
> > >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.cse.ohio-state.edu/pipermail/opensource/attachments/20061023/e6e743c2/attachment.html


More information about the Opensource mailing list