mark :: blog
I went Geocaching again this weekend. One of the things I love about Geocaching is that it takes us to places we never knew existed, but are well worth exploring. An amazing short walk up past some waterfalls near Ayr took us to a rock, behind which, stuffed into a crevice, was the usual black bag containing the plastic box of swaps. The place wasn't deserted; near the cache were several discarded beer cans, yet this box has sat in the hole for over a year without being disturbed by any of the thousands of visitors. No one has found it because no one was looking for it. Knowing there is a hidden box within a 10 or 20 metre radius, it's then quite easy to find. You have an idea what you're looking for, and you have the knowledge that something is there to find.
As I thought about this on the walk back to the car, I was reminded of a conversation I had with a security researcher on Friday. We were discussing an upcoming serious vulnerability that he found this week in a common library. This issue is under embargo, to give the vendors and upstream authors a few days to prepare updates. Not only is the actual flaw confidential, but the fact that there is a flaw in this library is also confidential. Just like the cache which is hidden under your nose, if you know that there is a security flaw in some named library, even if you don't really know what it is or where it is, you know that if you search hard enough it has to be there somewhere.
Created: 02 Aug 2004
Tagged as: geocaching, security
Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, Fedora, home automation, and other topics.