I mean really the whole thing. Security by obscurity is no security at all. Device search engines like shodan exist and seeking out specifically insecure devices becomes easier by the day.
Absolute security is achievable, but comes with costs. If I’m willing to airgap everything and never go online, only using my own code, my device will be safe.
Black box testing is MUCH harder than white box testing, especially as, and I hate to say it, AI based security scanners become better and better at identifying flaws in source code. Having more information about your target is always the first step in penetration testing, and more information is ALWAYS better.
I mean really the whole thing. Security by obscurity is no security at all. Device search engines like shodan exist and seeking out specifically insecure devices becomes easier by the day.
Absolute security is achievable, but comes with costs. If I’m willing to airgap everything and never go online, only using my own code, my device will be safe.
Black box testing is MUCH harder than white box testing, especially as, and I hate to say it, AI based security scanners become better and better at identifying flaws in source code. Having more information about your target is always the first step in penetration testing, and more information is ALWAYS better.