undefined | Better HN

0 pointshenryackerman6y ago0 comments

Security-through-obscurity can be very effective by using it to throw up a smoke screen.

Case: you need to protect a web server. If you can successfully hide/spoof your OS/software fingerprint, an attacker won't know whether your server has vulnerable software. This makes exploit selection extremely difficult.

You can protect an already secure system from 0-day or unknown exploits by hiding whether you're running windows/linux/bsd/whatever with IIS/apache/nginx/traefik/caddy.

Of course this should not be used as an argument to introduce laws that limit the rights of repair shops, users or even security researchers.

0 comments

dvfjsdhgfv6y ago

Really? Software detection techniques are so sophisticated these days, you need to put a lot of effort into that, and it all can be defeated by something very simple that doesn't even depend on you. Experts will find the way and newbies will just throw at you everything they have.

j / k navigate · click thread line to collapse

0 pointshenryackerman6y ago0 comments

Security-through-obscurity can be very effective by using it to throw up a smoke screen.

You can protect an already secure system from 0-day or unknown exploits by hiding whether you're running windows/linux/bsd/whatever with IIS/apache/nginx/traefik/caddy.

Of course this should not be used as an argument to introduce laws that limit the rights of repair shops, users or even security researchers.

0 comments

dvfjsdhgfv6y ago

j / k navigate · click thread line to collapse