RE: Mobile, Web and Security

It is unfortunately my personal experience with such agencies in Turkey and the Middle East (not only regulatory agencies, but also some InfoSec teams in large enterprises). I think the law or regulation does not directly refer to obfuscation, but an unencrypted/unobfuscated binary is always raised as an issue (usually with importance = High, 3rd of 5 levels) in the pentests, which have to be performed at least annually according to the regulations.

Mete

________________________________________
From: Tobie Langel <tobie@w3.org>
Sent: Friday, October 18, 2013 12:01
To: Mete Balcı
Cc: Dominique Hazael-Massieux; Bruce Lawson; public-web-mobile@w3.org
Subject: Re: Mobile, Web and Security

On Friday, October 18, 2013 at 10:50 AM, Mete Balcı wrote:
> Although I completely agree with your comments about (2), the regulatory bodies even sometimes request this (obfuscation) as a level of protection/security.

I've actually read the opposite (e.g. NIST recommends against security by obscurity[1]).

Pointers to actual body of law that make obfuscation a requirement would be useful.

--tobie
---
[1]: http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf

________________________________


This e-mail and its attachments are private and confidential to the exclusive use of the individual or entity to whom it is addressed. It may also be legally confidential. Any disclosure, distribution or other dissemination of this message to any third party is strictly prohibited. If you are not the intended recipient, you may not copy, forward, send or use any part of it. If you are not the intended recipient or the person who is responsible to transmit to the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and its attachments. The sender and POZITRON YAZILIM A.S. do not warrant for the accuracy, currency, integrity or correctness of the information in the message and its attachments. POZITRON YAZILIM A.S. shall have no liability with regard to the information contained in the message, its transmission, reception, storage, preservation of confidentiality, viruses or any damages caused in anyway to your computer system.

Received on Friday, 18 October 2013 09:29:11 UTC