Comments
-
@bad-frog Oh yes please, toss together something home brewed, because using something you _think_ is secure and no attacker knows how to use (until they figure it out) is definitely way fucking safer than using something that is developed publicly and has well known risks and guarantees.
-
Harambe1524y @homo-lorens Unfortunately, security through obscurity is a lot easier to sell to luddites (see: those in govt that make big decisions) than actual cyber security.
-
bad-frog5464y @homo-lorens
and i refuse to believe that these luddites from the government don't spend big cash on making solutions tailored to the problems.
-
@bad-frog I'm sure they do, but that does not yield better security than existing methods of protection that are regarded as secure despite being public.
-
bad-frog5464y @homo-lorens hmm... with adequate funding we could be building dyson spheres...
i believe that if you throw enough money at the problem you end up with something good.
and if the protocol is hidden you have another layer of security.
also we're talking governmental infrastructure so user friendliness shouldn't be a factor; i mean it's not a problem if you need special means to communicate with your endpoint.
so if the only constraint is for the communication to be routed, even i could come up with some shenanigans that would make decoding the transmission a sore. (in fact i'm currently working on something to that effect, for personal use)
now if people take big money for that i'd expect something really good...
-
@bad-frog Money in itself is paper, the power it represents is a precondition for but not the determinant of quality. If you pay your average webdev better they won't magically become better at security and they won't eventually outperform decades of public development and testing. They will just ship the same insecure shitty homebrew protocol that is nowhere near as hard to decipher as they expect because they forget the fact that attackers have a lot more time to figure out what they did than they have to invent and develop it.
-
bad-frog5464y @homo-lorens more money should imply more oversight. more pen testing also.
or irrational leadership. which wouldn't surprise me now that i think of it...
-
@bad-frog The latter is in my opinion the most likely result. The same leaders who can deliver something approximately usable on a reasonable budget might not be able to distribute a larger budget with comparable efficiency.
-
bad-frog5464y @homo-lorens :/ big money implies big organisation implies big oversight... or one would think...
-
bad-frog5464y @iiii depends on your definition of "too expensive".
if that means that current economy wouldn't be able to support that you or that we don't have the means to extract these from planets, you are right.
but, in absolute, it can be done with current technology, using the asteroid belt as resources. especially if we're talking about statites arranged in a shkadov thruster.
is it realistically feasible? fuck no. it would cost more than there is wealth in the world.
but with sufficient incentive, like a world-ending event, it could be done.
-
bad-frog5464y @iiii maybe not.
i heard two versions: one that says to cannibalize mercury, one that says the asteroid belt would be enough.
some guy named stuart armstrong proposed the former, can't trace back the latter
-
Tonnoman6224y I would like to note that while security through obscurity can help to further complicate an attack it shouldn't, under any circumstances, be your main line of defense. It simply is not possible to guarantee no one will be able to audit your infrastructure and find out how easy it may be to attack.
-
@Tonnoman0909 Shuffling port numbers is security by obscurity but it's very useful for tripping up less sophisticated attacks, and because it's not possible to navigate a network where every node has odd SSH ports without making a lot of noise in the process. Security by obscurity forces the attacker to guess a lot, so it performs best in a system that otherwise works completely silently and therefore warnings are noticed.
Please stop putting critical infrastructure to the internet. Security on the internet is a joke, and we won't be laughing the time when someone dies from a cyber attack on another pipeline/dam/weapons factory.
rant
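The comment above about shuffled SSH ports argues that guessing is noisy and that the noise is what defenders should watch for. The sketch below is an added example, not code from any poster in this thread: it flags sources whose denied connections touch many distinct host/port pairs. The log format, the `find_port_guessers` name and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed firewall log (hypothetical format, documentation IP ranges).
# SSH on these hosts is assumed to listen on 40022 instead of 22.
SAMPLE_LOG = """\
2024-01-01T10:00:01 DENY src=198.51.100.7 dst=10.0.0.5 dport=22
2024-01-01T10:00:02 DENY src=198.51.100.7 dst=10.0.0.5 dport=2222
2024-01-01T10:00:03 DENY src=198.51.100.7 dst=10.0.0.5 dport=2200
2024-01-01T10:00:04 DENY src=198.51.100.7 dst=10.0.0.6 dport=22
2024-01-01T10:00:05 DENY src=198.51.100.7 dst=10.0.0.6 dport=8022
2024-01-01T10:00:09 ALLOW src=198.51.100.7 dst=10.0.0.5 dport=40022
2024-01-01T10:02:00 ALLOW src=192.0.2.10 dst=10.0.0.5 dport=40022
2024-01-01T10:03:00 DENY src=192.0.2.10 dst=10.0.0.6 dport=4022
2024-01-01T10:03:05 ALLOW src=192.0.2.10 dst=10.0.0.6 dport=40022
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")


def find_port_guessers(log_text, max_distinct=3):
    """Return {src: sorted [(dst, dport), ...]} for every source whose
    denied attempts cover more than max_distinct distinct targets."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that do not fit the assumed format
        _ts, action, src, dst, dport = match.groups()
        if action == "DENY":
            # A set collapses retries against the same target, so a user
            # who mistypes one port once stays far below the threshold.
            denied[src].add((dst, int(dport)))
    return {
        src: sorted(targets)
        for src, targets in denied.items()
        if len(targets) > max_distinct
    }


if __name__ == "__main__":
    for src, targets in find_port_guessers(SAMPLE_LOG).items():
        print(f"{src}: {len(targets)} distinct denied targets -> {targets}")
```

The check only pays off in the quiet environment the comment describes: if denied connections are routine, the threshold has to rise until guessing no longer stands out.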