On Fri, 2009-12-18 at 20:31 +0100, Marcel Birthelmer wrote:
> > Security through obscurity: the oldest joke in the security book.
> >
> > No surprise here that huge government organizations haven't got the joke
> > yet.
> >
> > Very sad.
>
> Well, you can see where they're coming from. If obscurity is just that
> much cheaper, and the risk (in their opinion) is worth it, then it's
> not necessarily a bad decision.

True.

> Adding secure channels where none need
> to be would be overengineering, and this being the military, any
> engineering effort is expensive.

But it's done ALL the time.

> So the point isn't that they were trying to be secure by being
> obscure... the problem is that they didn't think they needed to be
> secure at all.

No. The response from the military was they assumed people living in those regions wouldn't have the knowledge to view the feeds. This is a form of security through obscurity (the feed was secure because the enemy didn't know how to view it).

Anybody with ANY security background knows how ridiculous this approach is, and this is ignoring the fact that the internet has become such a vast resource for figuring out things like this.

What it demonstrates is the mindset of those in charge, which is much scarier than the fact that the feeds are wide open for all to see.

TTYL