Re: Security through obscurity

wolfox Gentle Wolfox join:2002-11-27 Dunnellon, FL	reply to ThunderCorp Re: Security through obscurity said by ThunderCorp : i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them). Exactly. I run Outlook and MSIE and have never gotten an infection/system compromise via that vector. The default security settings are laughable at best. With a few well placed tweaks - problem solved. However, I did run one system overnight via a DMZ'd internal IP and it got whacked to shreds, it was running IIS FTP and some script kiddie tore it apart. That is another matter altogether, and a failed experiment. -- Nothwest Arkansas' ONLY all Techno Radio Webcast, powered by SBC DSL!
	to forum · permalink · · 2004-04-16 16:48:34 ·
ThunderCorp join:2002-03-11 Chula Vista, CA	reply to Sandman5 i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them). Oh, and to let you know, the OSX trojan isn't out in the wild and even if it was, it has an huge achilles heel that makes its existence a joke. Once you send it over the 'Net over any protocol its resource fork is stripped off, thereby making it useless. I guess you should know better than to trust an antivirus company about virus announcements (they're out to make money if they're losing it). Even if the trojan got onto an OS X system intact, it can only affect the files in the current user's directory, since it cannot elevate to sudo permissions with a password. And, as you know, OS X ships with root OFF so even the admin users can't affect system files without sudo.
	to forum · permalink · · 2004-04-16 13:47:58 ·


Saturday, 28-Nov 03:58:24	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF