RSS
Twitter
Security By Obscurity Doesn't Stop The Negative Day Exploits
from the just-saying... dept
This would be the latest in our ongoing series of stories about how the standard way of dealing with security problems doesn't really work any more. It relies on a system of discovering the vulnerability, figuring out how to stop it, and then distributing a patch widely. That works for incredibly slow moving malware -- but, if you hadn't noticed, malware is learning how to spread ever faster. For years people have warned that this was going to lead to "zero-day attacks" where exploits are propagating before anyone has the chance to patch. That's already started happening in many cases, and it demonstrates, again, why the "security by obscurity" argument some companies make, saying that everyone needs to stay quiet until they've patched their systems, is bogus. For example, the WMF exploit that got so much attention last month apparently was available on the black market for nearly a month before security firms started discussing it. In other words, any company that thinks keeping a security exploit quiet to prevent those with malicious intent from figuring it out are probably fooling themselves. Those with malicious intent already probably have it figured out.
Reader Comments (rss)
(Flattened / Threaded)
Did you miss the Elves in huge costumes broken int
You are a dark elf. You do love, but if anyone
found out, they'd be toast. You are not evil,
but you like people to think you are!
What elf are you? *sweet anime pic*
brought to you by Quizilla
(reply to this comment) (link to this comment)
Add Your Comment