Thursday, May 25, 2006

"Blasting away security myths" and Creating Better Ones...

Wow, how can folks be so dumb?

"Blasting away security myths" (InfoWorld column, 2006-05-12, by Roger A. Grimes): "Too many computer defenses and books concentrate on the wrong problem -- the hackers instead of the malware."

Exactly the opposite is true: way too many defenses focus on the worms instead of human attackers...

But it goes further into the "dumbyss" (from "dumb" + "abyss" :-)): "But the fact of the matter is that security by obscurity works, and works well." This statement is indeed correct and accepted IF (and only IF) it is used in addition to other defenses, so that a better way to phrase it is:

* "Security by obscurity" doesn't work when it is the ONLY defense
* "Security by obscurity" works great in combination with other mechanisms that are more reliable than hoping that attackers won't know...

Dr Anton Chuvakin