Re: Small Bug

To: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Cc: dallen@capitalone.com, debian-hurd@lists.debian.org
Subject: Re: Small Bug
From: "Guy's Account" <guy@interlog.com>
Date: Sun, 5 Mar 2000 09:36:26 -0500 (EST)
Message-id: <[🔎] Pine.LNX.3.96.1000305093501.18968A-100000@hal.dms.sni.ca>
Reply-to: guy@interlog.com
In-reply-to: <20000226212639.B10046@ulysses.dhis.net>

On Sat, 26 Feb 2000, Marcus Brinkmann wrote:

> On Thu, Feb 24, 2000 at 04:25:25PM -0500, dallen@capitalone.com wrote:
> > 
> > It does make more sense though that you should give the possible
> > attacker as little information about the system as you can.
> 
> In general, security through obscurity is not sufficient as a protection
> strategy.

Marcus.

This is not security by obscurity.  It is long-established practice.

> 
> The user login name is often very exposed, for example in email addresses,
> log files etc. If you already have an account, you can usually just list
> /home to get all user names of a system.

But the problem pointed out allows an attacker *without* an account to gain
information.

	<snip>

----
Guy W. Hulbert					At Work:
guy@interlog.com				guy@bioinfo.sickkids.on.ca

Reply to:

Follow-Ups:
- Re: Small Bug
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: Small Bug
  - From: nisse@lysator.liu.se (Niels Möller)

Prev by Date: Re: Installing Debian/Hurd
Next by Date: Re: Small Bug
Previous by thread: Re: libps
Next by thread: Re: Small Bug
Index(es):
- Date
- Thread