Security By Obscurity Doesn't Stop The Negative Day Exploits

from the just-saying... dept

This would be the latest in our ongoing series of stories about how the standard way of dealing with security problems doesn't really work any more. It relies on a system of discovering the vulnerability, figuring out how to stop it, and then distributing a patch widely. That works for incredibly slow-moving malware -- but, if you hadn't noticed, malware is learning how to spread ever faster. For years people have warned that this was going to lead to "zero-day attacks," where exploits propagate before anyone has the chance to patch. That's already started happening in many cases, and it demonstrates, again, why the "security by obscurity" argument some companies make, saying that everyone needs to stay quiet until they've patched their systems, is bogus. For example, the WMF exploit that got so much attention last month was apparently available on the black market for nearly a month before security firms started discussing it. In other words, any company that thinks keeping a security exploit quiet will prevent those with malicious intent from figuring it out is probably fooling itself. Those with malicious intent have probably already figured it out.


Reader Comments

  1.  
    Andrew Strasser, Feb 3rd, 2006 @ 1:18am

    Did you miss the Elves in huge costumes broken int


    You are a dark elf. You do love, but if anyone
    found out, they'd be toast. You are not evil,
    but you like people to think you are!
    What elf are you? *sweet anime pic*
    brought to you by Quizilla

     


