by arghwhat 2330 days ago
This doesn't matter at all.

Attackers either flood you with every attack under the sun, or tear your site apart and will know exactly how it works.

Imagining that you can hide the function of your site is again security by obscurity.

The key idea here (I forgot the name of the law, but others mentioned it in the thread) is that regardless of what you do, the adversary will end up with a complete understanding of how your system works.

Therefore, any security based entirely on the adversary not learning about implementation details is entirely defective.

Furthermore, an attack exists for days, months or even years before it is fixed, it takes time to fix and release, and it takes time for you to discover the advisory and deploy.

You were not vulnerable for 7 hours. You were vulnerable for weeks, months or years.