Hi, this feel kinda wrong to me, but at the same time it feels a bit right, and google didn't helped me (as usual since a few years...)
I don't really plan on doing this, it's more of a theoretical question.
TLDR;
What is your opinion about relying on custom hardware, protocols and tunneling as a mean of security for devices with low chances of being specifically targeted ?
Yapping
I'm into software development since early 00's and spent a good part of that decade fiddling with security topics in general, but lost interest over time, just kept interest in reverse engineering from a software developer perspective, and forgot most of the details of what I did during that era of my life.
But I'm remembering the days where it was easy AF to get into wifis, wether badly (or barely) secured, or with alfanet-like "illegal" interfaces to spoof the ap and that kind of things. It's better nowadays, but whenever I see security research "attacking the layer 0", or not even the layer 0 but it's "side effects" and collecting information by that means, I always realize that the problem I was exploiting younger are maybe mostly gone, but it's also just that meanwhile I'm not up to date with the details of the current ones, giving me a false sense of security.
So, at the end of the day, to secure devices that have low chances of being specifically target, but high chances of being targeted by "large scale vulnerabilities" exploit, how would you feel about rolling your own lower layer of the network stack as a mean of securing it ?
There will definitively be possible vulns there, but in that situation, unless someone wants to dedicate time finding vulns and how to interface with in my particular, undocumented, unknown system, do you see a benefit there ?
I know security by obfuscation is a false sense of security, but it's always about the stakes you're facing imho. If feel like if you're just a noname dot, and just want to avoid mass scale vulns, without reasons to be specifically targeted, obfuscation might be one of the mean used along others, as most people will not invest time required in defeating your specific obfuscated context.
I also understand all the disadvantages on the interoperability side etc, but still wonder.
[link] [comments]
from hacking: security in practice https://ift.tt/zorSR15
Comments
Post a Comment