Comments on: The Steady Decline of Security via Obscurity

By: Online CPR guy

Online CPR guy — Mon, 01 Nov 2010 05:03:48 +0000

This will only continue to grow and I think it’s already too late for must of us.
After “playing” on the web for a few years, you will have lost all privacy.

By: AMcA

AMcA — Wed, 20 Aug 2008 04:11:02 +0000

I remember my late father saying to me, in roughly 1972, when I needed to get a Social Security card to get a job: “You know, this is your last chance to stay out of the system.”

I ran myself on Accurint recently. Shudder.

Dad knew what he was talking about.

By: Fidel, MD

Fidel, MD — Wed, 20 Aug 2008 00:51:39 +0000

I’ve taught (basic sciences in medical school) and yes, there are test banks floating around. Good for the students that use them – some insist on not, and suffer for it.

The US Government tried to keep the questions (and answers) for various licenses and certiciates (Radio Operator licenses, Pilot certificates) confidential, and it failed miserably. Now days you can download the test question bank (with thousands of different questions, and answers) from the government (for free) or buy books that have the information plus some explanations of why one answer is right and the others wrong. The governments attitude: They don’t care how you learn the material, as long as you learn it….

So too in medicine. From organizations that register people to memorize some (or all) of the MCAT to the same organizations that offer testing and training services for the licensure boards, the information is out there, and making some people a LOT of money (a 4-week prep course can cost in excess of $10,000). Likewise, test prep books fill the pages of Amazon and med school book stores.

Why not? For sciences where there are firm associations (an increase in this marker is associated with that disease, this type of drug for that condition, etc any way the student gets the right answer is fine.

As far as professors who object, I feel that as a professor I get paid for two things: Teaching and testing. I write a new test every time. But there are only so many ways certain facts can be questioned, and after a half-dozen different ways of asking the same thing I run out of ideas.

For areas that are subjective, my colleagues can at least ask a different essay question. But when you spend the entire semester discussing (say) the homoerotic symbolism in “Lord of the Rings” there may not be much … substance to ask questions about. So the students are short-changed in their education, their parents are short-changed in their tuition, and the professors are lazy hacks.

By: Phil

Phil — Tue, 19 Aug 2008 22:22:33 +0000

Security through obscurity does have it’s place. There are certain times you never want to use it, such as crypto algorithms (and open algorithm is much more secure than a “secret” one). And over-reliance on obscurity is always doomed to failure (as with physical locks and test preps noted in the post).

As a security guy myself, I have often argued that obscurity in and of itself is not necessarily a bad thing as part of a layered approach. With a layered approach even when the veil is pierced (which it will be) it’s not a catastrophic event since you have other layers and security measures in place that are effective independent of each other. It can be as simple as not putting any obvious signage or street numbers on a primary data center. If it is disclosed, it still will not alter the effectiveness of the other layers (man traps, CCTV, physical guards).

By: Shannon Love

Shannon Love — Tue, 19 Aug 2008 21:20:25 +0000

We might remember that secrecy is also a synonym for privacy. The techniques that can be used against institutions like lock manufactures can be turned against individuals should anyone choose to.

I imagine it will not be long before every politician, even minor local ones, are relentlessly and publicly tracked 24/7 for signs of unfitness for office. The rest of us will not be far behind.