I am somewhat surprised by the statements about asymmetric crypto algorithms. Given a good library they don't seem more error prone and given many common use-cases they are not significantly slower.
Securealpolitik: saying there are safe asymmetric primitives doesn’t mean that’s what’s actually deployed. As long as the spec says is P256 ECDSA it’s a pretty reasonable assumption someone is going to screw up nonce handling.
(Incidentally ECDSA really is that much slower, but I appreciate that could be seen as cherry picking because ECDSA is slow even for an asymmetric algorithm.)
I don’t think the argument we’re trying to make is that asymmetric crypto definitionally can’t work. I’m pretty happy TLS exists. Just skeptical that you want to build your s2s auth on it.
There's no reason that Firefox couldn't check for the existence of a local DOH resolver, and if it doesn't see one, pop up a one time message offering to install one for you.
Every operating system has a system wide way of resolving names to IP addresses, and every application uses it. This new architecture of building custom name resolution into individual applications might be easier for them to build, but it's crap.
1. Bundling DNS with the browser (e.g. ignoring system DNS)
2. Using DNS over HTTPS
Mozilla could still do (1) and then use DNSCrypt + DNSSEC internally. Then, it would actually be used, but they'd be relying on existing technology that actually fits the use-case, rather than DNS-over-HTTPS.
For the record, I don't think you should ignore the system's DNS, either.
Doubly ironic in that the article describes abuses of power by immigration officials. "To read about this abuse of power, consent to our abuse of power". At least we can still say no to one.
Seriously? You want people to switch from software A to software B and you write an article that for the first half of the page sounds like you want them to stop using either of those softwares?
The article says you should stop using one particular ad blocker, and has good reasons for doing so. It's not telling you to stop using all ad blockers, and it gives a name for an ad blocker that people should use.
Actually I think, the misunderstanding is on your side. Unauthenticated DOES mean that the attacker can modify anything without you noticing. You might only notice because you are getting a file that looks like random junk but you wanted it to be a picture. But that is not something you should rely on for security.
But here's the point: Do you want people to spend their 10 minutes picking good passwords or setting up public key auth or should the spend them switching their server to port 24? Security BY obscurity is bad as the article states and unless you have infinite resources everything is a trade-off.
That's a false choice. No competent sysadmin is going to say "well, I was going to setup a public key but I spent all my time changing the SSH port number, so screw it".
Also when securing a box with public key encryption you should be configuring sshd to disable password authentication and disable root login. Editing an extra line in the config file isn't going to throw your schedule.
You're talking about 10 minutes for a simple way to filter 18,000 attempts down to 5.
Security, like everything else out there, should be prioritized according to ROI. This is a pretty good ROI...maybe not better than picking good passwords, but definitely better than many practices that IT departments advocate.
If you rely on logging as a “high priority” in your security architecture, then it follows that reducing noise is of parallel importance.
Personally, this is why I change SSH ports every time on a public service and add extra firewall rules if possible. If for some reason I want to watch port 22 “attacks”, I can do so.
I’m not even sure I place this in the security OR obscurity categories at this point ... more of a disk hygiene issue.
But obscuring may take away time from securing and it adds complexity to the system but systems with less complexity are easier to secure. So you at least have to be careful.
It is also important to consider the complexity too.
There is no such thing as "Security through unnecessary complexity", only the opposite.
The examples about changing port numbers are great, they are simple configuration changes, when people start wanting to add obscurity "features" they often wander down the path of complexity, inevitably adding vulnerabilities.
