It’s amazing what a difference a little bit of time can make: Two years after kicking off what looked to be a long-shot campaign to push back on the practice of shutting down server-dependent videogames once they’re no longer profitable, Stop Killing Games founder Ross Scott and organizer Moritz Katzner appeared in front of the European Parliament to present their case—and it seemed to go very well.
Digital Fairness Act: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14622-Digital-Fairness-Act/F33096034_en
No. It’s a valid tactic but needs to be part of a much broader strategy.
Absolute security is unachievable, but it is much harder to probe a black box to understand how it works than reading its entire manual.
This is not true.
And what part, exactly, is not true?
People like to think in black and white, but you’re definitely right. Having your SSH server on port 36271 will likely stop a ton of drive by attacks because they simply won’t check it. Having it only listen on IP6 would stop almost all of them because you can’t trawl the IP6 space efficiently. These are “obscurity”, but they have real benefits. The idea that “obscurity” doesn’t help is just a meme that people love to quote because it’s a great single sentence with some nice rhyming “security by obscurity”. I assume the reason it became a meme is because tons of products fully relied on obscurity; I still see it all the time. As you said, it’s all layers.
Yep! I don’t know a single engineer who would say that security by obscurity is never useful. Everyone knows, as you said, to put SSH on a random port. It’s the first step you do to secure a server.
I mean really the whole thing. Security by obscurity is no security at all. Device search engines like shodan exist and seeking out specifically insecure devices becomes easier by the day.
Absolute security is achievable, but comes with costs. If I’m willing to airgap everything and never go online, only using my own code, my device will be safe.
Black box testing is MUCH harder than white box testing, especially as, and I hate to say it, AI based security scanners become better and better at identifying flaws in source code. Having more information about your target is always the first step in penetration testing, and more information is ALWAYS better.
The difficulty of black box over white box is the reason obscurity has benefits…
You’re going to write your kernel and bootloader as well? Drivers for the hardware? And a compiler for those? And an assembler to build that bootstrap compiler? Build the CPU? The second any of these are “out of your control” you lose “absolute security”. The reason people say there is no “absolute security” is that it is not a useful concept to even consider. Since you have to approach it theoretically, you can easily end up stuck at the fact that every computation changes the state of the world and thus every computation can in some way be measured. It’s a useless endeavor even if it were theoretically possible because it leads you to absurd solutions against absurdly powerful attackers. You want security in a well defined threat model not some “absolute”.
Air gapping isn’t sufficient to prevent communication either. For example there are functional TCP stacks working over audio. Silence on the Wire is quite old at this point, but also explores esoteric exfiltration methods.
This comment… Confuses me.
This is exactly why security by obscurity is a valid tactic. It hides information and makes a system harder to attack.
No, it’s not. Every system has flaws. Using your own code is especially a bad idea, as it is much more likely to be flawed than a 20 yo open source project. Your airgapped device may be secure from remote attacks, since it is not connected to any network, but if it is stolen, that means nothing.
Absolute security is impossible.