undefined | Better HN

0 pointsunethical_ban1y ago0 comments

No, it's a very sensible slogan to keep people from doing a common, bad thing.

Obscurity helps cut down on noise and low effort attacks and scans. It only helps as a security mechanism in that the remaining access/error logs are both fewer and more interesting.

0 comments

TZubiri1y ago

I definitely see it's value as a very naive recommendation to avoid someone literally relying on an algorithmic or low entropy secret. Literally something you may learn on your first class on security.

However on more advanced levels, a more common error is to ignore the risks of open source and being public. If you don't publish your source code, you are massively safer, period.

I guess your view on the subject depends on whether you think you are ahead of the curve by taking the naive interpretation. It's like investing in the stock market based on your knowledge of supply and demand.

j / k navigate · click thread line to collapse

0 pointsunethical_ban1y ago0 comments

No, it's a very sensible slogan to keep people from doing a common, bad thing.

Obscurity helps cut down on noise and low effort attacks and scans. It only helps as a security mechanism in that the remaining access/error logs are both fewer and more interesting.

0 comments

TZubiri1y ago

However on more advanced levels, a more common error is to ignore the risks of open source and being public. If you don't publish your source code, you are massively safer, period.

j / k navigate · click thread line to collapse