I’ve been following the news about 8chan. Was surprised to learn that companies like Cloudflare and BitMitigate protect web sites from attacks.
I recall this board has been hit by denial-of-service attacks. If the SDMB is using BitMitigate they need to find another provider. The SDMB isn’t controversial, but there are plenty of hackers out there that will attack anyone.
Dunno but that’s part of the deal, isn’t it? That’s not the kind of information a company wants to make public – they don’t want to talk about their security measures because it IS a matter of security.
Sometimes it helps to let people know a place is protected.
A lot of people put ADT signs in their yard. Some of them aren’t clients of that company. The signs often work anyway.
I understand the board doesn’t want to give out specific information about security.
Generally speaking, security through obscurity isn’t security at all. Like, if you have a lock, you might think you wouldn’t want to advertise what kind of lock it is because that would attract people who might know that particular lock’s weakness, but a true lock picking expert wouldn’t be stymied by that – they’re going to recognize the lock and know its weakness. Better to get a good lock in the first place than hope to keep its weaknesses secret.
Plus, you know, if Cloudflare is providing DDoS protection all traffic is going to be routed through their servers anyway, which is going to let the cat out of the bag.
To answer the OP, it looks like SDMB is hosted on Google’s cloud, so they’re going to be the ones providing DDoS protection.
Not at all (I explain to the site administrator). When there are problems with a site, Cloudflare displays (to the user at home) error messages such as this. Nothing secret. You don’t have Cloudflare.
Please note that everything about the Chicago Sun-Times is private; it’s a privately held company. As a general rule they do not talk overmuch about anything except that they want you to buy the paper and subscribe to their services.
Your statement in no way contradicts mine. However, given the state of computer security I disagree that telling attackers exactly how you’re defended makes sense.
Y’all may be reading too much into my choice of the word “advertise” in post #4. Certainly there’s no sense in putting up a big neon sign advertising the brand of lock you’re using; that gets you nothing. However, if a friend asks you what kind of lock you bought to lock up your bike, and you’re hesitant to tell her because you’re afraid some nefarious actor might overhear you, that’s probably a sign that you’re thinking about security wrong.
In the same way, if someone asks what DDoS protection your site uses and you’re hesitant to tell them because you think it will hurt your security for people to know, you’re probably thinking about it wrong. And it’s especially silly in the case of DDoS protection, because there’s basically no way to actually keep that a secret – a simple traceroute will tell anyone what you’re using if you’re using a third-party service provider.
In any case, this is ATMB not GD and the question has been answered.