SecurityRatty: tag: obscurity

Security Through Obscurity

2008-06-18 13:13:26 by schneier in Schneier on Security

...obscurity works : Yes, the New York Police Department provided an escort, but during more than eight hours on Saturday, one of the great hoards of coins and currency on the planet, worth hundreds of millions of dollars, was utterly unalarmed as it was bumped through potholes, squeezed by double-parked cars and slowed by tunnel-bound traffic...

Tags: security, diamond, cullinan diamond, complex security system, uncut diamond, move, ordinary office move, cullinan, huge security

Sorry CharlieCard, Your Security Model Is Broken

2008-08-09 14:57:40 by Chris Wysopal in Zero in a bit

...obscurity is not a valid security approach for a cryptosystem Q: What are your thoughts on security by obscurity? Is NXP using this method of protection A: Security-through-obscurity hardly ever works. The lack of proper peer-review often even hurts the security of the system. Our Mifare work discovered several vulnerabilities that could be...

Tags: security, security researchers, valid security approach, system, encryption system, boston subway system, discuss security issues, court system, security systems

Stolen account firm laptop contained personal information

2008-04-28 09:50:55 by Evan Francen in The Breach Blog

...obscurity mention. Security through obscurity is a myth. It is not effective When MacAdam and other members of the firm learned the computer had been stolen, their first priority was to identify affected clients and to notify them of potential risks. This was done within 24 hours of the theft Our concern was to ensure that we are taking all...

Tags: information, clients personal information, clients, personal information, specific information, store confidential information, client information, confidential information, personal information inside

Laptop stolen from the home of a BearingPoint employee

2008-06-19 15:38:38 by Evan Francen in The Breach Blog

...obscurity defense To date, we have received no report indicating that the information stored on the laptops has been accessed or misused Evan] I think "laptops" in the breach notification is a typo BearingPoint recognizes this development, and any related inconvenience, might be upsetting We regret this incident has occurred and we...

Tags: sensitive personal information, personal information, information, bearingpoint, store confidential information, confidential information, laptop, information security, independent contractors

HMRC loses data cartridge that affects 6,548 pensioners

2007-12-31 23:30:11 by Evan Francen in The Breach Blog

...obscurity doesn't work. This is one of the oldest security fallacies in the book. Don't count on the nature of the medium to provide adequate security We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologise to all those affected The spokesman said...

Tags: data, data cartridge, hmrc, lost hmrc cd, prime data, confidential data, hmrc breach, consult hmrc, hmrc encrypts

Myth vs. reality: Wireless SSIDs

2007-10-16 07:08:58 by Steve Riley in Steve Riley on Security

...obscurity is no security at all. Hiding an SSID will not hide a wireless network, so ignore any such advice -- and it's amazing how often I continue to see this. By the way, also ignore any advice that says to use MAC address filtering . It's amazingly trivial to spoof the MAC address of an allowed supplicant -- simply sniff the traffic, look...

Tags: simple ssid discovery, network, ssid, wireless network, networks, enterprise networks, wireless networks, mac, secure networks

Monthly Blog Round-Up - December 2007

2008-01-03 15:54:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

...obscurity marketing also made it into Top 5 for the month And, finally, I need to leave some room (as #6 of 5 :-)) for my my logging polls ! Yes, they are popular too - and fun to read See you in January Possibly related posts / past monthly popular blog round-ups Monthly Blog Round-Up - November 2007 Monthly Blog Round-Up - October 2007...

Tags: blog round-up, monthly blog round-up, monthly, posts, database, database log management, popular posts, top, anti-virus efficiency

Hacking Polish Trams

2008-01-17 15:43:06 by schneier in Schneier on Security

...obscurity, combined with physical security of the equipment, wasn't enough. This kid jumped whatever fences there were, and reverse-engineered the IR control protocol. Then he was able to play "trains" with real trains

Tags: city tram driver, driver, tram, tram drivers control, tv remote control, trains, real trains, tram network, physical security

205 University of Wisconsin employees exposed

2008-01-21 14:44:21 by Evan Francen in The Breach Blog

...obscurity DOES NOT work. Just because the information may not be easy to find does not ensure that it is secure. Didn't the person who found this stumble upon it while doing an internet search In an effort to control the release of personal information, the UW stopped using students' and employees' Social Security numbers as part of their...

Tags: information, personal information, information security vulnerabilities, social, include social security, security, identifiable information serves, information security personnel, computer shop

Michael Vick's journey from the NFL to a jail cell

2007-12-11 03:13:00 by John Sexton in The Bullet Proof Blog

...obscurity and poverty to overnight stardom. Which of us would not fold under that pressure? We see Lotto winners losing fortunes all the time. There are always too many hanger-ons, both from the old days and new found friends who are afraid to speak their minds. However, having the courage to speak up and voice an unpopular opinion might be...

Tags: vick, michael vick, client safe, client, time, nfl, federal time, risk,

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo