The 21/02/14, Andrew Savchenko wrote:
Any decent security setup contains multiple layers of protection.
Use of non-standard binaries, algorithms or implementations is just
one of them and it is the simplest math to prove that security is
_improved_ this way.
The algorithms and
The 21/02/14, hasufell wrote:
So you are saying compiling a minimal kernel to minimize exposure to
subsystem bugs is only obscurity? (I really wonder what Greg would say
to this)
Developers made the kernel to rely on modules. Distributions relies on
them. Since they are almost always loaded
The 21/02/14, Andrew Savchenko wrote:
Are you considering Bruce Schneier's advice as a stupid nonsense? In
his Applied cryptography he recommended one of the ways to
straighten a system: to use not so frequently used algorithms instead
of selected standards because less frequently used
On Wed, Feb 26, 2014 at 5:55 AM, Nicolas Sebrecht nsebre...@piing.fr wrote:
The 21/02/14, hasufell wrote:
So you are saying compiling a minimal kernel to minimize exposure to
subsystem bugs is only obscurity? (I really wonder what Greg would say
to this)
Developers made the kernel to rely
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Alan McKinnon:
On 21/02/2014 16:15, hasufell wrote:
Alan McKinnon:
On 20/02/2014 22:41, Nicolas Sebrecht wrote:
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko
wrote:
And this point is one of the highest security benefits in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Nicolas Sebrecht:
The 21/02/14, hasufell wrote:
So you are saying compiling a minimal kernel to minimize exposure
to subsystem bugs is only obscurity? (I really wonder what Greg
would say to this)
Developers made the kernel to rely on
The 26/02/14, hasufell wrote:
I wasn't only talking about modules and yes... loading them on demand
actually proves my point.
No. We are talking about servers.
--
Nicolas Sebrecht
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Nicolas Sebrecht:
The 26/02/14, hasufell wrote:
I wasn't only talking about modules and yes... loading them on
demand actually proves my point.
No. We are talking about servers.
I am aware of that. Please read the whole discussion.
On 21/02/2014 16:15, hasufell wrote:
Alan McKinnon:
On 20/02/2014 22:41, Nicolas Sebrecht wrote:
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko
wrote:
And this point is one of the highest security benefits in real
world: one have non-standard binaries, not available in the
On Thu, 20 Feb 2014 21:41:03 +0100 Nicolas Sebrecht wrote:
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote:
And this point is one of the highest security benefits in real world:
one have non-standard binaries, not available in the wild. Most
exploits will fail on such
On Thu, 20 Feb 2014 22:59:59 +0200 Alan McKinnon wrote:
On 20/02/2014 22:41, Nicolas Sebrecht wrote:
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote:
And this point is one of the highest security benefits in real world:
one have non-standard binaries, not available in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Alan McKinnon:
On 20/02/2014 22:41, Nicolas Sebrecht wrote:
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko
wrote:
And this point is one of the highest security benefits in real
world: one have non-standard binaries, not available
The 20/02/14, Nilesh Govindrajan wrote:
Gentoo makes the best server os because it's a custom built os where the
admin knows each and every aspect of the os. Security wise, there are no
unwanted or unused stuff, so lesser bugs to deal with.
While I agree with the less code is less
On Thu, 20 Feb 2014 11:29:52 +0100 Nicolas Sebrecht wrote:
The 20/02/14, Nilesh Govindrajan wrote:
Gentoo makes the best server os because it's a custom built os where the
admin knows each and every aspect of the os. Security wise, there are no
unwanted or unused stuff, so lesser
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote:
And this point is one of the highest security benefits in real world:
one have non-standard binaries, not available in the wild. Most
exploits will fail on such binaries even if vulnerability is still
there.
While excluding
On 20/02/2014 22:41, Nicolas Sebrecht wrote:
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote:
And this point is one of the highest security benefits in real world:
one have non-standard binaries, not available in the wild. Most
exploits will fail on such binaries even if
16 matches
Mail list logo