[pydotorg-www] Repeated outages of python.org
Georg Brandl
georg at python.org
Mon Jul 25 21:22:28 CEST 2011
Am 25.07.2011 21:16, schrieb M.-A. Lemburg:
> "Martin v. Löwis" wrote:
>>> So you deliberately make it easy for potential attackers to find out
>>> about everything they need to know in order to take over the site.
>>>
>>> Could you explain the reasons behind this?
>>
>> This information is not meant for attackers, but for people contributing to
>> the maintenance of the site. It may also help attackers, but only a little
>> so, since they can easily gather the information, anyway.
>>
>> You seem to favor obscurity as a means of security. Please understand that
>> this gives a false sense of security.
>
> No, not really. Not having the information readily available doesn't make it
> more secure (obscurity never increases security), but it does make it harder,
> and thus, raises the bar for script-kiddies.

This is similar to running SSH on a non-standard port: praised by many as the
ultimate security measure, but in reality it only delays people by the amount
of time it takes to do a portscan.

Georg