security through obscurity

(security)Or "security by obscurity". A term applied byhackers to most operating system vendors' favourite way ofcoping with security holes - namely, ignoring them,documenting neither any known holes nor the underlyingsecurity algorithms, trusting that nobody will find outabout them and that people who do find out about them won'texploit them. This never works for long and occasionally setsthe world up for debacles like the RTM worm of 1988 (seeGreat Worm), but once the brief moments of panic created bysuch events subside most vendors are all too willing to turnover and go back to sleep. After all, actually fixing thebugs would siphon off the resources needed to implement thenext user-interface frill on marketing's wish list - andbesides, if they started fixing security bugs customers mightbegin to *expect* it and imagine that their warranties ofmerchantability gave them some sort of rights.

Historical note: There are conflicting stories about theorigin of this term. It has been claimed that it was firstused in the Usenet newsgroup in news:comp.sys.apolloduring a campaign to get HP/Apollo to fix securityproblems in its Unix-clone Aegis/DomainOS (they didn'tchange a thing). ITS fans, on the other hand, say it wascoined years earlier in opposition to the incredibly paranoidMultics people down the hall, for whom security waseverything. In the ITS culture it referred to (1) the factthat by the time a tourist figured out how to make troublehe'd generally got over the urge to make it, because he feltpart of the community; and (2) (self-mockingly) the poorcoverage of the documentation and obscurity of many commands.One instance of *deliberate* security through obscurity isrecorded; the command to allow patching the running ITS system(altmode altmode control-R) echoed as $$^D. If you actuallytyped alt alt ^D, that set a flag that would prevent patchingthe system even if you later got it right.

单词	security through obscurity
释义	security through obscurity security through obscurity (security)Or "security by obscurity". A term applied byhackers to most operating system vendors' favourite way ofcoping with security holes - namely, ignoring them,documenting neither any known holes nor the underlyingsecurity algorithms, trusting that nobody will find outabout them and that people who do find out about them won'texploit them. This never works for long and occasionally setsthe world up for debacles like the RTM worm of 1988 (seeGreat Worm), but once the brief moments of panic created bysuch events subside most vendors are all too willing to turnover and go back to sleep. After all, actually fixing thebugs would siphon off the resources needed to implement thenext user-interface frill on marketing's wish list - andbesides, if they started fixing security bugs customers mightbegin to expect it and imagine that their warranties ofmerchantability gave them some sort of rights. Historical note: There are conflicting stories about theorigin of this term. It has been claimed that it was firstused in the Usenet newsgroup in news:comp.sys.apolloduring a campaign to get HP/Apollo to fix securityproblems in its Unix-clone Aegis/DomainOS (they didn'tchange a thing). ITS fans, on the other hand, say it wascoined years earlier in opposition to the incredibly paranoidMultics people down the hall, for whom security waseverything. In the ITS culture it referred to (1) the factthat by the time a tourist figured out how to make troublehe'd generally got over the urge to make it, because he feltpart of the community; and (2) (self-mockingly) the poorcoverage of the documentation and obscurity of many commands.One instance of deliberate security through obscurity isrecorded; the command to allow patching the running ITS system(altmode altmode control-R) echoed as $$^D. If you actuallytyped alt alt ^D, that set a flag that would prevent patchingthe system even if you later got it right. See STO See STO
随便看	malalag ventures plantation, inc. malalas mala la wea malalignment malam malam apresiasi puisi ramadan malamate malambo malamethane malam gemilang putra malamic malamide malam renungan aids nusantara malamud malamud bernard malamud, bernard malamute malamutes malamutes unsettled seeking homes malan malana power company ltd. malan, daniel francois malan, daniel françois malanders malandin, german