Certainly, the idea of a company pulling unpopular data (like how much they're polluting) under the excuse umbrella of homeland security is unconscionable. It does make sense, though, to not publish data to make an adversary's job easier; this idea has been espoused by computer security professionals for years.

In the old days of the Internet (a subjective figure to be sure,) one could anonymously use the 'finger' command on a host and retrieve all sorts of information about all of the users on a particular host. Even today, one can anonymously query servers of all sorts and get which brand and version it's running, then go look up an exploit. One of the first rules in 'hardening' systems from a security perspective is to take out all of this superfluous information.

Along these lines, I would argue, for example, that the blueprints to the Sears tower in Chicago should be pulled from public availability... it's true that benefits such as anyone being able to marvel at the fe

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/80/12648#12648