Emergency Alert System Insecure

glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."

Re:A good reason *not* to keep these things secret

[afidel]

Dude you are a moron. Seriously. Security through obscurity refers to obscuring or failing to reveal the method of security, not to obscuring the data path (which is what encryption does). A good security system is one which has been published and picked apart by all interested parties and agreed to be secure, if you obscure a weak security system then all it takes is a single individual revealing your security mechanism for it to be broken.

Re:A good reason *not* to keep these things secret

[HermanAB]

D00d, you d0n't get, 0r d0n't w@nt to get wh@t I'm s@ying: ALL encryption is security through obscurity.

Whitfield Diffie once said that encryption is 90% muddle and 10% mathematics. I actually understand what he means.

So, if you want to denegrate the security of a bad system, then you should use a different term, not 'security through obscurity', since that is all we got.