Am 10.08.2015 um 02:18 schrieb Kevin Kofler:
I wrote:There is also a difference between obscurity of the "nobody will guess that Alt, Alt, Ctrl+R will give you admin access" type (with or without the added honeypot trap) (a type of "security" that is easy to circumvent, as long as the target is worth spending time attacking on) and "obscurity" as in "not popular and thus not a likely attack target".PS: Speaking of security through obscurity: This: https://bugzilla.mozilla.org/show_bug.cgi?id=1178058 is the bug for that Firefox CVE with exploits in the wild. It says: | Access Denied | You are not authorized to access bug 1178058. To see this bug, you must | first log in to an account with the appropriate permissions. The vulnerability is already public, but it is still not possible to view the bug details. (As far as I know, Mozilla actually NEVER opens up this kind of bug reports.) THIS is true evil security through obscurity
if that's your point against Firefox you are lost because there are tons of similar reports at https://bugzilla.redhat.com
but that don't change the fact bringing a zero-day exploit for Firefox as reason not to make it the default browser is bullshit in context of security
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ kde mailing list kde@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
