The concept of security through obscurity (STO) relies on the idea that a system can remain secure if the vulnerabilities are secret or hidden. If an attacker does not know what the weaknesses are, they cannot exploit them. The flip side is that once that vulnerability is exposed, it is no longer secure. It is commonly held that security through obscurity is only effective if used as one layer of security and not as the entire security system. On its own, it is an ineffective security measure. STO is a controversial topic in the IT world.

The New Hacker's Dictionary

A term applied by hackers to most OS vendors' favorite way of coping with security holes - namely, ignoring them, documenting neither any known holes nor the underlying security algorithms, trusting that nobody will find out about them and that people who do find out about them won't exploit them. […] occasionally sets the world up for debacles like the […] Great Worm), but once the brief moments of panic created by such events subside most vendors are all too willing to turn over and go back to […] After all, actually fixing the bugs would siphon off the resources needed to implement the next user-interface frill on marketing's wish list, and besides, if they started fixing security bugs customers might begin to expect it and imagine that their warranties of merchantability gave them some sort of right to a system with fewer holes in it than a shotgunned Swiss cheese, and then where would we be?

Historical note: There are conflicting stories about the origin of […] It has been claimed that it was first used in the Usenet […] a campaign to get HP/Apollo to fix security problems in its Unix-clone Aegis/DomainOS (they didn't change a […] ITS fans, on the other hand, say it was coined years earlier in opposition to the incredibly paranoid Multics people down the hall, for whom security was everything. In the ITS culture it referred to (1) the fact that by the time a tourist figured out how to make trouble he'd generally gotten over the urge to make it, because he felt part of the community and (2) (self-mockingly) the poor coverage of the documentation and obscurity of […] through obscurity is recorded the command to allow patching the running ITS system (escape escape control-R) echoed as $$^D.

Freebase

Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them. A system may use security through obscurity as a defense in depth measure; while all known security vulnerabilities would be mitigated through other measures, public disclosure of products and versions in use makes them early targets for newly discovered vulnerabilities in those products and versions. An attacker's first step is usually information gathering; this step is delayed by security through obscurity. The technique stands in contrast with security by design and open security, although many real-world projects include elements of all strategies. Security through obscurity has never achieved engineering acceptance as an approach to securing a system, as it contradicts the principle of "keeping it simple". The United States National Institute of Standards and Technology specifically recommends against security through obscurity in more than one document. Quoting from one, "System security should not depend on the secrecy of the implementation or its components."