Atlas48/JargonFile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cb847ea893
JargonFile/original/html/S/security-through-obscurity.html
Bob Mottram cb847ea893 Original files version 4.4.7
2014-03-27 18:54:56 +00:00

35 lines
4.2 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>security through obscurity</title><link rel="stylesheet" href="../../jargon.css" type="text/css"/><meta name="generator" content="DocBook XSL Stylesheets V1.61.0"/><link rel="home" href="../index.html" title="The Jargon File"/><link rel="up" href="../S.html" title="S"/><link rel="previous" href="secondary-damage.html" title="secondary damage"/><link rel="next" href="SED.html" title="SED"/></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">security through obscurity</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secondary-damage.html">Prev</a> </td><th width="60%" align="center">S</th><td width="20%" align="right"> <a accesskey="n" href="SED.html">Next</a></td></tr></table><hr/></div><dt><a id="security-through-obscurity"/><dt xmlns="" id="security-through-obscurity"><b>security through obscurity</b></dt></dt><dd><p> (alt.: <span class="firstterm">security by obscurity</span>)
A term applied by hackers to most OS vendors' favorite way of coping with
security holes &#8212; namely, ignoring them, documenting neither any known
holes nor the underlying security algorithms, trusting that nobody will
find out about them and that people who do find out about them won't
exploit them. This &#8220;<span class="quote">strategy</span>&#8221; never works for long and
occasionally sets the world up for debacles like the
<a href="../R/RTM.html"><i class="glossterm">RTM</i></a> worm of 1988 (see
<a href="../G/Great-Worm.html"><i class="glossterm">Great Worm</i></a>), but once the brief moments of panic created by such
events subside most vendors are all too willing to turn over and go back to
sleep. After all, actually fixing the bugs would siphon off the resources
needed to implement the next user-interface frill on marketing's wish list
&#8212; and besides, if they started fixing security bugs customers might
begin to <span class="emphasis"><em>expect</em></span> it and imagine that their warranties
of merchantability gave them some sort of <span class="emphasis"><em>right</em></span> to a
system with fewer holes in it than a shotgunned Swiss cheese, and
<span class="emphasis"><em>then</em></span> where would we be?</p></dd><dd><p>Historical note: There are conflicting stories about the origin of
this term. It has been claimed that it was first used in the Usenet
newsgroup <tt class="systemitem">comp.sys.apollo</tt> during
a campaign to get HP/Apollo to fix security problems in its
Unix-<a href="../C/clone.html"><i class="glossterm">clone</i></a> Aegis/DomainOS (they didn't change a
thing). <a href="../I/ITS.html"><i class="glossterm">ITS</i></a> fans, on the other hand, say it was
coined years earlier in opposition to the incredibly paranoid
<a href="../M/Multics.html"><i class="glossterm">Multics</i></a> people down the hall, for whom security was
everything. In the ITS culture it referred to (1) the fact that by the
time a tourist figured out how to make trouble he'd generally gotten over
the urge to make it, because he felt part of the community; and (2)
(self-mockingly) the poor coverage of the documentation and obscurity of
many commands. One instance of <span class="emphasis"><em>deliberate</em></span> security
through obscurity is recorded; the command to allow patching the running
ITS system (escape escape control-R) echoed as $$^D. If you actually typed
alt alt ^D, that set a flag that would prevent patching the system even if
you later got it right.</p></dd><div class="navfooter"><hr/><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="secondary-damage.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="../S.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="SED.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">secondary damage </td><td width="20%" align="center"><a accesskey="h" href="../index.html">Home</a></td><td width="40%" align="right" valign="top"> SED</td></tr></table></div></body></html>
Reference in New Issue View Git Blame Copy Permalink