wiretapping techniques
David Collier-Brown
daveb at geac.UUCP
Wed Jul 27 22:14:20 AEST 1988
>From article <16625 at brl-adm.ARPA>, by roberts at cmr.icst.nbs.gov (John Roberts):
> I think that open discussion of weak points and breakin techniques is likely
> to cause much more harm than good,
Only in the short run!
Regrettably, people are human. If you want a given level of
security (of data) and don't have it, you typically have to
**demonstrate** that you don't have it. However, to demonstrate
this you have to threaten security... yourself.
This can get you in trouble. In fact, the test to prove that you
**do** have a given level of security can get you in trouble!
One of the basic tenets of "orange book" security is that the
means used to ensure security are to be publicly known. This does
not extend to detailed schematics of hardware to open a covert path,
but it does strongly suggest that known weaknesses should be
reported.
Have a look in the security discussion group, the literature of
computer security, etc. for further support of "security by design,
not by obfustication"...
--dave (B1 on a workstation) c-b
ps to John: sorry if this sounds like a flame: It's not, it's just
a common-mode error that I get **real** annoyed at hearing
made again and again... (:-{)
--
David Collier-Brown. {mnetor yunexus utgpu}!geac!daveb
Geac Computers Ltd., | Computer science loses its
350 Steelcase Road, | memory, if not its mind,
Markham, Ontario. | every six months.
More information about the Comp.unix.questions
mailing list