Like everyone it seems, I think something is obscure if only a select few people know about something...but especially if this something being something that is insecure.

IE, it really isn't safe to leave your key near your house because there is a chance someone might find it if the wind somehow manages to move your doormat. But provided nobody who isn't supposed to know doesn't uncover it, for all intents and purposes it doesn't look like the key is there and the house appears safe. Of course, if someone takes the time to look everywhere for a key before breaking in, they will find it under the doormat, or ontop of a light fixture, or in some other crevice.

In computers, this could be likened to performing a full port scan. Checking for the common signs of a non-secure computer like open and outdated software on ports 80, 23, etc., is pretty accurate. (Is the house key resting ontop of your mailbox?) If they decide it is worth their time, IE you're a huge coorporation, they might decide to take extra time and port scan everything because what they could find might be worth it. (Do you live in a house with a 3-car garage and a swimming pool/spa? Do you look like you have something worth stealing?)


In the real world, I think security through obscurity is pretty valid although not entirely useful at protecting you. You just have to obscure stuff really well. I think it is good because there are physical limits - how fast can someone search - how much time do they have to search - is anybody watching them search - would they skip searching and physically damage whatever it is they need to to break in?

In the computer world, the networked one that is, that last one isn't as easily possible - something needs to be exploited. To know if something could be exploited, they must try everything else first. With the computer, your IDS (you are protecting yourself right?) could watch everything and realize something is not right and then disconnect you from the Internet or redirect the attack to a honeypot. You aren't really risking anything if you practice obscurity since they can't simply break into your car with a baseball bat and steal everything. You can detect it and protect yourself...



I think I need to get more sleep. I didn't think I'd end up supporting obscurity in this fairly long post, although is sure better not be the only layer of security...because then you loose to time and that underlined example above becomes true in the computer sense of it...