Greedy Goblin

Monday, October 26, 2015

(In)security through obscurity

"A system relying on Security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them." "The National Institute of Standards and Technology (NIST) in the United States specifically recommends against this practice: System security should not depend on the secrecy of the implementation or its components."

Exact quotes from Wikipedia about the dumbest form of security, often dubbed "key below the mat" security. After all, if no one knows that the key is below the mat, they can't get in.

Probably the inherent flaws of this thinking crossed the mind of Jaidar Yasai, when his 8B covops hauler was killed by a notorious highsec hunter of such ships. The cargo hold of covops is unscannable, so no one can know what they haul. Too bad that they usually haul enough to make ganking worthwhile. Also, their cargo can be guessed if they haul high collateral contract packages, carefully planted by gankers.

Security must come from the system itself, assuming the enemy knows about it. Everyone knows about my highsec hauling Tengu. It's also known to show up on the standard Jita-Amarr and another one on the Rens-Jita path a few times a week in EUTZ with 10-20B cargo. Yet no one in 3 years even attempted to gank it. Because it would need a fleet of 50 Tornadoes, all sitting on a gate, manned, waiting for hours and get lucky to decloak me.

These covops haulers can be oneshotted by a single Tornado and they can be reasonably decloaked by the strong traffic and the gate-guarding NPCs in highsec. Don't fly them in highsec! Same for the overloaded freighter or JF in some distant system where "no one ever flies". Transport your cargo in a way that you can survive even when expected. If it's small, use the Tengu, if it's medium sized, use an Occator! Only very bulky and cheap crap shall go to freighters! Put them into JFs/covopses only at the edge of highsec.

PS: tomorrow comes something huge, don't miss it (nothing anti-Goon)!

PS2: now this isn't huge (rather regular), but anti-Goon.


Anonymous said...

"Because it would need a fleet of 50 Tornadoes, all sitting on a gate, manned, waiting for hours and get lucky to decloak me."

That really isn't that many, and it really doesn't need them to be sitting there, it just needs someone to run a few locators or sit in a tradehub. Do you check every jump that you aren't being followed?

Considering how much you think you piss goons off, and how important you say you are in defeating them, isn't it a little odd they don't explode your ship?

Gevlon said...

Why should I care if I'm followed or not? They must sit on the gate to volley me down, they can't bump-tackle and the initial tackle is popped by gateguns or Concord fast. Goons never attacked me, because it can't be done reliably and a failed attempt would be quite bad propaganda for them.

Zosius said...

What's the fit of your transport Tengu? I still use Wreathe as I don't have Tengu skills trained, but to avoid getting shot, I use insta warp bookmark and never autopilot.

Gevlon said...

If only there were "links" in that post.