    Muah ha haaa!

    Finally, someone willing to acknowledge that the fluid, murky quicksand of security-through-obscurity can demonstrate an occasional amount of utility, when planned as a known quantity within one’s security stance.

      I thought Heartbleed allowed you to read private memory from the server; I don’t see how transforming the data stream would have protected you from that like they are suggesting? You would have to obscure the data at rest for that to work.

        It protects you from automated attacks, since your server no longer speaks TLS. If someone’s automated script tries to open a regular TLS connection it gets XORed into garbage and ignored and they move on to a new target.

          Oh I see. I was thinking under TLS, not over it. That makes more sense.