There is an age old question that philosophers have wrestled with over the years –
“If a tree falls in the forest and no one is around to hear it, does it make a noise”?
There are a couple of other philosophical and psychological sayings that are in the same vein as that one, that also fit with today’s topic.
Is something secured just because no one knows about it?
There have been persuasive arguments that come out of both camps.
Just as soon as your foot is firmly planted with one side, then the other makes an argument to support their point of view and now you change your mind.
This debate will go on for many years to come.
Security Through Obscurity
I guess I should explain now what I mean by security through obscurity.
It is a well known topic, but only in the security community.
When I say security through obscurity, what I mean is that we can hide a piece of data and hackers will not bother to search for it, or a machine does not have enough market share to warrant an attack from hackers.
This is a big reason why people say that an Apple Mac machine is secured.
Apple, and people who own Macs, will argue that the machine is very secure.
Others on the outside will argue that the machine is secured only because there is not enough attention paid to it by hackers.
They say that the reason is because of its low install base.
There is a case to be made for this, since there are known exploits for a Mac system but they are not wide spread.
Also the OS X is based on a Unix derivative, BSD, and Unix based systems are very secured but have been known to be attacked.
Linux, another derivative of Unix, has one of the largest install bases on servers and it is attacked often.
Popularity Breeds Attack
We can take another example, the Apple IPhone.
It is based on a modified version of OS X and there is a whole market based on people that have cracked it.
People want to open their IPhones so hackers have found a way to do that too.
They have made it trivial to break through the defenses.
Again, this is another case of a device being so popular that hackers want to break it.
This is not an air tight case that security through obscurity works but it does bring some reasonable points.
Where it breaks down is, as we see in the examples, once the item has been found, it is easy to exploit.
That is the biggest argument against security through obscurity.
There is one fail safe and when that is gone, there is no recourse, your data has been exposed.
So far, what seems to be the best solution is to use security through obscurity but do not let that be your only piece of security on the item.
You will have to make sure that you provide other serious layers of security or the data that you want to protect will be a sitting duck.