[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Holy shit I caught 1
On Mon, Aug 28, 2006 at 09:34:38AM +0200, Christian Kellermann wrote:
> * Nick Mathewson <nickm@xxxxxxxxxxxxx> [060828 04:44]:
> > Another note: if people want to continue running these checks against
> > exits (and I hope you do!) I'd suggest you keep what, exactly, you're
> > checking for a secret until *after* you run each round of tests. Then
> > announce the results, release the source, and think of more stuff to
> > test for. Releasing the source will help other people check out
> > whether the network is behaving correctly, but keeping mum about what
> > you're checking for will keep dishonest/broken people from changing
> > their behavior before you can find them out.
> That security by obscurity approach won't work. If someone trys to
> attack the tor network we should assume that this person knows what
> he/she is doing. So keeping the test method a secret will hinder the
> good guys from making sure that this old attack does not persist any
Errr. I'm afraid I can't agree here. The term "security through
obscurity" is generally reserved for attempts to keep a vulnerability
secret in hopes that attackers won't notice it. You are correct that
such approaches aren't stable, but that's not what I was advocating.
Instead, I was suggesting that if you come up with a way to check for
a previously non-checked attack, it makes sense to run the scan before
you announce the scan. Otherwise, you're giving people notice that an
attack that they were (possibly) previously getting away will soon be
detected. Once you've got initial results, it makes more sense to
distribute the scanning code so others can improve it.
By analogy, sure, it's dumb to leave the bank vault combination set to
"12345" in hopes that robbers won't notice it. But it's also
counterproductive to distribute photographs of one's plainclothes
police officers in advance of a drug sting.