Gilbert Saint-Flour writes:
What you describe is "security through obscurity". I believe most people
on this list agree that it is an ineffective way to protect a computer system.
and he may well be right that they do, although how he knows this is not
clear to me.
His view is nevertheless a utopian, even silly one. I am a believer in RACF
and the like. Its/their availability makes z/OS relatively very much more
secure than it would be if they were not in place.
That it/they provide absolute security, or would do so if the facilities
they make available were but used more competently and aggressively, is
nevertheless not the case.
They embody always obsolescent assumptions about what other people know or
will learn. Encryption schemes are still, for example, routinely evaluated
assuming that only simplistic, trial-and-error methods will be used to
penetrate them, long after it has become clear that their real vulnerability
is to new mathematics, which is making many of them very insecure indeed.
I have myself been writing mainframe assembly language routines since
OS/PCP, and in this now long interval I cannot recall ever having spent time
attempting to circumvent a security provision, but I have nevertheless
discovered a number of places where such circumventions are possible,
sometimes by blundering upon them and sometimes by observing the black-box
behavior of OCO modules for other, wholly practical reasons.
I have not exploited these weaknesses for fun or profit, and I will not do
so, but I cannot as a practical matter spend time writing up a PMR every
time I identify a possible security flaw. That is not my job. Moreover,
although this is a species of 'trust me' argument from authority, I will add
that other very experienced people known to me have similar war stories to
tell.
In describing the text of TDAFOTRE Edward Gibbon long ago wrote,
"My English text is chaste, and all licentious passages are left in the
decent obscurity of a learned language".
'Decent obscurity' makes some things unavailable, or at least very much more
difficult of access, to the unlearned; and this is useful.
John Gilmore
Ashland, MA 01721-1817
USA
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html