-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This may be a tad offtopic but I had to mention it. There actually
already has been a case of people setting up faux ATMs.

http://www.globetechnology.com/servlet/story/RTGAM.20030812.gtatmm0812/BNStory/Technology/

Andrew Ross wrote:
| Stewart Honsberger wrote:
|
|> I don't send anything back to any unexpected port probes because I
|> don't want to.
|>
|> Sure, to some extent it is security through obscurity, but the old
|> adage isn't entirely correct. If not for security through obscurity
|> we'd all have our PIN numbers sharpie'd on our ATM cards.
|
|
| Actually, keeping my PIN secret isn't security through obscurity.
|
| The idea of security without obscurity focuses on keeping the number of
| secrets at an absolute minimum. Systems designed around security through
| obscurity tend to rely on the secrecy of certain procedures or
| algorithms - once these are discovered by third parties, the security of
| the system has been reduced.
|
| Moving back to the PIN/ATM example:
|
| Ideally, your PIN should be the ONLY secret involved - the encryption
| algorithms and communication protocols could all be public. In the real
| world, this isn't feasible (e.g. ATMs do not authenticate themselves to
| the card holder. If the algorithms and protocols were public, someone
| could theoretically construct a trojan ATM and collect people's PINs and
| bank cards).
|
| Cheers
|
| Andrew
|
| P.S. It's a PIN, not a Personal Identification Number (PIN) Number :-)
| Sorry, but it's one of my pet hates (just like Automatic Teller Machine
| (ATM) machines).
|
| --
| gentoo-security@g.o mailing list
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAHVS57ntAARlGIUERAgkfAJ4sil86TWGFsmkFa8UOl1QKBhrKegCgnP18
c5pvsCyRuXDWziIebvkRASc=
=Ze97
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list