Security through obscurity

Sometimes I’m amazed as to why certain implementations remain – or were originally – in production use at all. Especially when it comes to restricting user access and such. DRM is an old-school example of such a security scheme which is defective by design.

My latest real-world encounter with “security” is related to wireless networking. Everyone knows that wireless communication is unmanageable. You can attempt to direct it in the right path, but you can never stop anyone from capturing or even interpreting the communication. By being unmanageable, it is also deemed insecure by default. Sure, one can apply authentication, encryption or mere security through obscurity to stop randoms from using a wireless network. But given time, knowledge and devotion, no network is secure – even less so a wireless one.

If a network has implemented proprietary authentication methods, invested in filtering hardware/software, requires unique user certificates/logins to surf… The least you’d expect is that they also disabled internal routing for the city-wide VLAN, spread over countless wireless access points. So you can’t just put up a bridge between that network and the outside world… But I’m not complaining. I just think they shouldn’t have gone through all the trouble of making it seem verifiable/secure.

This is comparable with what I heard at a meeting yesterday. “Computer scientists don’t solve the problem, they bypass it”. This strategy of course spills over on “problems” which manifest themselves as “can’t do what I want” or “nothing is impossible!”.

If you can’t fly yourself, build an airplane!

3 thoughts on “Security through obscurity”

  1. And if you can’t build yourself an airplane, convince someone else to do it!

    Or, in today’s world, convince a computer to do it.
