Linked by Thom Holwerda on Sat 7th Jul 2007 19:19 UTC, submitted by flanque
GNU, GPL, Open Source

Mobile-gadget makers are starting to take advantage of software-defined radio, a new technology allowing a single device to receive signals from multiple sources, including TV stations and cell phone networks. But a new federal rule set to take effect Friday could mean that radios built on 'open-source elements' may encounter a more sluggish path to market - or, in the worst case scenario, be shut out altogether. U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving 'a high burden to demonstrate that it is sufficiently secure'.
I invite everyone who thinks
by Cloudy on Sun 8th Jul 2007 05:38 UTC
Cloudy Member since:
2006-02-15

that 'security through obscurity' is a myth to send me their ATM card # and PIN.

All security, except physical security, is based on obscurity in the form of secret keeping.

wakeupneo Member since:
2005-07-06

You're looking at it backwards. A more accurate analogy would be for me to send you the schematics for the card and the code for the software which encrypts the information on it. It's then up to you to figure out how to get at my PIN.

See the difference?

Score: 5

sbergman27 Member since:
2005-07-24

"See the difference?"

No. Cloudy has it right. Passwords and PINs are the very essence of security through obscurity and yet no one ever seems to mention the fact.

The problem is that "security through obscurity" is one of those meaningless phrases that everyone uses but almost nobody bothers to operationally define.

At what point is an obscure item sufficiently difficult to figure out that it can be considered an effective security measure?

The fact is that security through obscurity can work quite well indeed. And even in its weaker forms, can play an effective part in an overall, layered, security scheme.

"Security through obscurity doesn't work" is more of a propaganda slogan than a security principle. More accurate would be to say that "relatively shallow security through obscurity, by itself, is often not very effective". But that's hard to chant. ;-)

Edited 2007-07-08 12:31

Score: 4

Cloudy Member since:
2006-02-15

"You're looking at it backwards."

I look forward to you posting your PIN and ATM # in reply, if that's so.

"A more accurate analogy would be for me to send you the schematics for the card and the code for the software which encrypts the information on it. It's then up to you to figure out how to get at my PIN."

It wasn't an analogy, it was an example. All of that clever hardware and software makes no difference at all if I have access to the piece of information that you are keeping obscure, your PIN.

The problem with your line of thinking is that you're looking at the strongest link in the security chain rather than the weakest.

Score: 2