Security By Obscurity Doesn't Stop The Negative Day Exploits

from the just-saying... dept

This would be the latest in our ongoing series of stories about how the standard way of dealing with security problems doesn’t really work any more. It relies on a system of discovering the vulnerability, figuring out how to stop it, and then distributing a patch widely. That works for incredibly slow-moving malware, but, if you hadn’t noticed, malware is learning how to spread ever faster. For years people have warned that this was going to lead to “zero-day attacks,” where exploits are propagating before anyone has the chance to patch. That’s already started happening in many cases, and it demonstrates, again, why the “security by obscurity” argument some companies make, saying that everyone needs to stay quiet until they’ve patched their systems, is bogus. For example, the WMF exploit that got so much attention last month apparently was available on the black market for nearly a month before security firms started discussing it. In other words, any company that thinks keeping a security exploit quiet will prevent those with malicious intent from figuring it out is probably fooling itself. Those with malicious intent probably already have it figured out.
