lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0407091425140.28440-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: No shell => secure?

	[snip]

>
> This is not security through obscurity. This is security through
> incompatibility. The point of the idea is to make it necessary for an
> attacker to rewrite an exploit for my system specifically. This is
> something that over 99% of the potential attackers would not do, because
> they don't care about my system. When you have an exploit that works
> against all the RedHat boxes on the Internet, would you bother to
> customize it so that it works against one single server of one single
> random weirdo? It's not worth it.
>

beleive and redefine well known terms and methodologies as you wish, it
remains none-the-less as I and others have pointed out nothing more then
security via obscurity.  and bears the dangers as some others have pointed
out that you will most likely end up with an unusable system.  On a number
of vender OS', if the sh shell of csh shell, hooked to root user and
startup scripts is not the expected defaults, those OS's fail to function
properly on and tween reboots.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ