Rich Freeman on 15 Jan 2011 19:27:56 -0800



Re: [PLUG] Virtual Box will not recognize my USB printer (


On Sat, Jan 15, 2011 at 1:08 PM, Steve Slaughter
<steve2slaughter@gmail.com> wrote:
> I think keeping some of the details of an otherwise well-engineered system
> secret can be part of a more in-depth security strategy.

I think it greatly depends on the situation, and the threat model.

I don't think it applies well to software - certainly not to software
that is distributed.  It is debatable how well it even applies to
things like military installations.  Sure, carefully screened
volunteers loyal to country may keep secrets pretty well, but after
decades can you really be sure that somebody hasn't talked to an
adversary about the layout of your underground bunker, or whatever?

The only obscurity I'd trust is systematic obscurity.  If you randomly
change the guard rotation every week, that is systematic obscurity.

I wouldn't consider either the iPhone or the Android OS to be
"obscure."  The full specifications for both are well-communicated to
the public.  In the case of Android it is easily retrieved from a
website.  In the case of an iPhone it can be retrieved from the ROM of
any device that has been sold.  People put a lot of emphasis on source
code, but I suspect to determined attackers that the source only makes
modifications a little easier.

What is source anyway?  Source is just a verbose description of what a
program does.  Bytecode is less verbose, and machine code is even less
verbose.  Any way you slice it you still have a series of instructions
interpreted by a machine that operates according to a well-defined
specification.  They all can be modified, subverted, and
systematically scanned for weaknesses.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug