List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
-----BEGIN PGP SIGNED MESSAGE-----
This may be a tad offtopic but I had to mention it. There actually
already has been a case of people setting up faux ATM's.
Andrew Ross wrote:
| Stewart Honsberger wrote:
|> I don't send anything back to any unexpected port probes because I
|> don't want to.
|> Sure, to some extent it is security through obscurity, but the old
|> addage isn't entirely correct. If not for security through obscurity
|> we'd all have our PIN numbers sharpie'd on our ATM cards.
| Actually, keeping my PIN secret isn't security through obscurity.
| The idea of security without obscurity focuses on keeping the number of
| secrets at an absolute minimum. Systems designed around security through
| obscurity tend to rely on the secrecy of certain procedures or
| algorithms - once these are discovered by third parties, the security of
| the system has been reduced.
| Moving back to the PIN/ATM example:
| Ideally, your PIN should be the ONLY secret involved - the encryption
| algorithms and communication protocols could all be public. In the real
| world, this isn't feasible (eg. ATMs do not authenticate themselves to
| the card holder. If the algorithms and protocols were public, someone
| could theoretically construct a trojan ATM and collect people's PINs and
| bank cards).
| P.S It's a PIN, not a Personal Identification Number (PIN) Number :-)
| Sorry, but it's one of my pet hates (just like Automatic Teller Machine
| (ATM) machines).
| firstname.lastname@example.org mailing list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
email@example.com mailing list