Hacker News new | past | comments | ask | show | jobs | submit login

or, gosh, incorporate a security system that doesn't rely on obscurity of defenses or ignorance on the part of your attacker..?



Got a link to this consumer OS whose implementation is mathematically proven secure?


this is the entire point of defenses like ASLR and stack canaries. the attacker knows they are there, but knowing the form of the defenses doesn't inherently aid the attacker...


Knowing a defense has weaknesses doesn't make it worthless when it takes extra effort for an attacker to exploit that weakness. There is no proven secure consumer OS (I'm including common userland apps in that) so things like ASLR and stack canaries are just extra obstacles to get around.

Real security needs to be layered.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: