;login: Enters a New Phase of Its Evolution

For over 20 years, ;login: has been a print magazine with a digital version; in the two decades previous, it was USENIX’s newsletter, UNIX News. Since its inception 45 years ago, it has served as a medium through which the USENIX community learns about useful tools, research, and events from one another. Beginning in 2021, ;login: will no longer be the formally published print magazine as we’ve known it most recently, but rather reimagined as a digital publication with increased opportunities for interactivity among authors and readers.

Since USENIX became an open access publisher of papers in 2008, ;login: has remained our only content behind a membership paywall. In keeping with our commitment to open access, all ;login: content will be open to everyone when we make this change. However, only USENIX members at the sustainer level or higher, as well as student members, will have exclusive access to the interactivity options.

Rik Farrow, the current editor of the magazine, will continue to provide leadership for the overall content offered in ;login:, which will be released via our website on a regular basis throughout the year.

As we plan to launch this new format, we are forming an editorial committee of volunteers from throughout the USENIX community to curate content, meaning that this will be a formally peer-reviewed publication. This new model will increase opportunities for the community to contribute to ;login: and engage with its content. In addition to written articles, we are open to other ideas of what you might want to experience.

The concept of security through obscurity (STO) relies on the idea that a system can remain secure if the vulnerabilities are secret or hidden. If an attacker does not know what the weaknesses are, they cannot exploit them. The flip side is that once that vulnerability is exposed, it is no longer secure. It is commonly held that security through obscurity is only effective if used as one layer of security and not as the entire security system.

STO is a controversial topic in the IT world. On its own, it is an ineffective security measure.

Security through obscurity seeks to keep a system secure by keeping knowledge of it secret. Inner mechanisms and workings of a system are kept on a “need to know” basis. If no one outside of the core group is aware of them, or the vulnerabilities, the system can remain secure. In theory, this works, but the margin of human error is wide. If there is a leak, the entire system can be compromised.

The concept of security through obscurity has a long-standing history, with early opponents dating back to the 1850s. It involved the concept of publishing how to successfully pick a state-of-the-art lock at the time. While there was much outrage, the argument was made that people working to break in already know how, and exposing flaws in the design will not actually make them more vulnerable to attack.

STO has been a traditional aspect of cryptography with government agencies, such as the NSA (National Security Agency), employing cryptographers whose work was kept secret. On the opposite side, Kerckhoffs’s Principle from the end of the 19th century holds that the cryptographic system should be secure as long as the key is kept secret, even if everything else about the system is well-known. Security by obscurity is in essence an insecure concept in that it means that the hidden secret, or unknown entity, is the key to unlocking the entire system.