ranting and could care less about obscurity

Maybe it’s because summer has given up the fight and it’s diving colder today for the weekend, but I feel ranty.

My other rant this morning is about security through obscurity. I hate seeing people say that this is bad. I mean, passwords fit into this category! The proper frame of mind is to say, “security through *only* security” is bad. I can move my SSH port to tcp 32154. Does that make SSH more secure? Not in itself. Does it make it harder to find and thus adjust my risk factor? Yes, somewhat. All those port 22 scans on the Internet will pass me up. Obscurity can certainly, and almost always is, part of one’s security posture.

Also, I hate when people say, “I could care less.” Well, that means you could in fact care less, which means you care. You mean to say, “I couldn’t care less.”

*curmudgeonly sounds*

Leave a Reply

Your email address will not be published.