• Ooops@feddit.org
    link
    fedilink
    English
    arrow-up
    64
    arrow-down
    3
    ·
    23 hours ago

    There was never an actual notion of “security through obscurity”. LInux runs the complete Internet and most coporate server infrastructure. That’s where the actual money is.

    People hallucinating that Linux is something obscure simply have no clue and confused their home desktop for real computing. Windows desktops are constantly targeted not because they are -unlike Linux- so wide-spread but because they are already insanely insecure. They are the low hanging fruit where you can cobble together some cheap shit and will still find million of PCs vulnerable. If you want to find a Linux comparison it’s definitely not server or desktops but cheap IoT devices not having seen an update (or any security to speak of) for many years.

    For reference: We are talking about guests in a virtual pc escaping it’s container. That’s not something obcure. That’s basically all cloud hoster’s whole business model, thus the reason Google pays a lot of money for finding such exploits.

    • egregiousRac@piefed.social
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      3
      ·
      21 hours ago

      Windows desktops are targeted because any place you have a user, you have a vulnerability. The vast majority of Linux installs are servers with extremely limited user activity, which narrows the attack vectors significantly.

      • Ooops@feddit.org
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        9 hours ago

        You are right. I don’t know what your personal definition of “security through obscurity” is as it’s very obviously not matching actual reality.

          • Ooops@feddit.org
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            5 hours ago

            Just google the term

            Yes, please do.

            The actual notion of “security through obscurity” (that will surely come up on Google if their AI bullshittery hasn’t screwed up completely…) for Linux is insane because open source is the polar opposite. By that definition proprietary code is actually much more linked to the concept.

            The often more unprecise and colloquial usage I thus assumed you were using doesn’t apply either, for the reasons I summarised.

            So which imaginary definition of “security through obscurity” are you using and assuming that it will come up on Google when none of the real ones makes any sense?

            • atzanteol@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              4 hours ago

              OMG.

              https://en.wikipedia.org/wiki/Security_through_obscurity

              In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of hiding something in plain sight, akin to a magician’s sleight of hand or the use of camouflage. It diverges from traditional security methods, such as physical locks, and is more about obscuring information or characteristics to deter potential threats. Examples of this practice include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as spoofing a web browser’s version number. While not a standalone solution, security through obscurity can complement other security measures in certain scenarios.

              You don’t know what you’re talking about - please stop. It’s embarrassing. It’s a long-standing industry term not some weird phrase I just made up. Nobody is saying “Linux is obscure”.